ConfigureIcon_17x14.png (CONFIGURE) > More > Response Actions) allows you to integrate the supported third-party tools or connectors with NetWitness platform and perform the following actions.

  • Create and manage Response Actions for metas displayed in Respond, Investigate, Hosts, and Users views that support context highlights.

  • Perform Quick Actions on the applicable meta and post the meta with additional information to the connector for taking further actions.


For more information on how to create and manage the Response Actions, see Create and Manage Response Actions. For more information on how to add parameters and post the parameters with meta to the connector, see Response Actions and Quick Actions Use Case Examples.

RBAC Permissions for Response Actions

  • You can view the Response Actions configured in the Response Actions view only if you have permission.

  • You must have response-actions-server.actiondefinition.manage permission to create, edit, clone, delete, enable, and disable the Response Action.

  • You must have permission to view the Response Action history.

  • You must have response-actions-server.actiondefinition.execute permission to execute any response actions.

For more information, see How Role-Based Access Control Works topic in the System Security and User Management Guide for 12.4.


The following figure shows the high-level NetWitness Response Actions workflow process.


For more information on the workflow, see Response Actions and Quick Actions Use Case Examples.

Response Actions Server

In 12.4 version, the new service Response Actions Server is introduced in the AdminIcon_20x16.pngAdmin > Hosts view to integrate the third-party tools with NetWitness Platform.

124_services (RAS)_0224.png