Adaptive Response

You can create a correlation search and bind it to the adaptive response action when you save it. This allows you to call actions automatically when you run a search.

Before you begin:

Select an index on the Alert Actions Configuration tab in the Tenable Configuration section to retrieve data.

To configure saved actions:

Configure adaptive response actions when you create a correlation search.

Note: When you run the search, the actions are retrieved automatically.

  1. In the Splunk navigation bar, click the Apps drop-down menu.

  2. Select Enterprise Security.

    The Enterprise Security page appears.

  3. In the Enterprise Security top navigation bar, click Configure.

    A drop-down menu appears.

  4. Click Content.

    More options appear.

  5. Click Content Management.

    The Content Management page appears.

  6. In the top-right corner, click the Create New Content button.

    A drop-down menu appears.

  7. Select Correlation Search.

  8. Enter information for the correlation search. Refer to the Correlation Search section in the Splunk user guide for additional information.

  9. Scroll to the Adaptive Response Actions section.

  10. Click the Add New Response Action link.

    A list of options appears.

  11. Select the appropriate action for your search.
  12. The field options for the selected option appear.

  13. Enter the required information in the fields of your added response action.
  14. Click Save.

    A confirmation message appears.

  15. Run a search.