Active response
Active responses perform various countermeasures to address active threats, such as blocking access to an agent from the threat source when certain criteria are met.
Active responses execute a script when specific alerts fire, matched on alert level, rule group, or rule ID. Any number of scripts can be started by a single trigger; however, each response should be chosen carefully. A poorly chosen trigger or script can make the system less secure rather than more: an attacker who can provoke the triggering alert at will can turn the response against you, for example by getting legitimate addresses blocked.
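The following ossec.conf fragment is an added example, not configuration taken from this page or shipped by the Wazuh project. It shows the two pieces that make up an active response, the `<command>` that names the script and the `<active-response>` that binds it to a trigger, with an over-broad trigger placed next to a tighter one. The script name `firewall-drop` matches the stock script shipped in Wazuh 4.x; the rule groups, alert level and timeout values are illustrative choices, not recommendations from the page.

```xml
<ossec_config>
  <!-- The command only declares which script to run and whether it can be undone. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Risky binding (illustrative): any level-3 alert, from any rule, blocks the
       source permanently. An attacker who can generate low-severity alerts with
       spoofed or chosen source addresses can lock out legitimate hosts. -->
  <active-response>
    <disabled>yes</disabled>
    <command>firewall-drop</command>
    <location>local</location>
    <level>3</level>
  </active-response>

  <!-- Tighter binding: only high-severity alerts in the named rule groups fire it,
       the block runs on the agent that raised the alert, and it is lifted after
       ten minutes so a mistake is self-correcting. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_group>authentication_failed,authentication_failures</rules_group>
    <level>10</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

`<location>` decides where the script runs: `local` on the agent that produced the alert, `server` on the manager, `defined-agent` on a named agent, or `all` on every agent. Keep the first block disabled (or delete it); it is there only to show the shape of a trigger you do not want.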
Contents
- How it works
- Configuration
- Custom Active Response
- Use cases
- FAQ
  - What's new in Active Response?
  - Will active response continue working after upgrading to Wazuh v4.2.0?
  - Will the active response alerts continue to be the same?
  - Can I share custom Active Response scripts using centralized configuration?
  - Can I configure active responses for only one host?
  - Can an active response remove the action after a period of time?