TOC & Recently Viewed

Recently Viewed Topics

Adaptive Response

You can create a correlation search and bind it to the adaptive response action when you save it. This allows you to automatically call actions when you run a search.

Before you begin:

You must select an index on the Alert Actions Configuration tab in the Tenable Configuration section to retrieve data.

Configure Saved Actions

Configure adaptive response actions when you create a correlation search.

Note: The actions are retrieved automatically when you run the search.

To configure adaptive response actions:

  1. In the Splunk navigation bar, click the Apps drop-down menu.

  2. Select Enterprise Security.

    The Enterprise Security page appears.

  3. In the Enterprise Security top navigation bar, click Configure.

    A drop-down menu appears.

  4. Click Content.

    Additional options appear.

  5. Click Content Management.

    The Content Management page appears.

  6. In the top right corner, click the Create New Content button.

    A drop-down menu appears.


  7. Select Correlation Search.

  8. Enter information for the correlation search. Refer to the Correlation Search section in the Splunk user guide for additional information.

  9. Scroll to the Adaptive Response Actions section.

  10. Click the Add New Response Action link.

    A list of options appear.

  11. Select the appropriate action for your search.
  12. The field options for the selected option appears..

  13. Enter the required information in the fields of your added response action.
  14. Click Save.

    A confirmation message appears.

  15. Run a search.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.