Response Actions and Automations
Available to Admins only
Response Actions (also referred to as Response Automations) allow you to automatically execute custom Python code when investigations complete. This enables seamless integration with external systems and consistent, repeatable response workflows.
Response Actions are commonly used to:
Notify external systems
Trigger remediation workflows
Enrich tickets or records
Apply policy-driven actions at scale
### How Response Automations Work
Execution Model
Trigger Events Dropzone has over 50 triggers to fire your Response Action. These range from Investigations complete with a specific status to a change of an API key.
Sandboxed Environment Code runs in an isolated container using Python 3.11.
Data Injection Investigation context and stored secrets are injected automatically as Python dictionaries. You can use the example script here to see the investigation variable and all information available to you using Response Actions.
The variables avaiable can change depending on the trigger you use. Keep this in mind when planning/creating Response Actions.
Result Capture All output, errors, and execution status are logged for auditing and troubleshooting.
Want to learn more? Check out our Building Reponse Automations and Actions Best Practices Guide
Last updated
Was this helpful?