-
Create and manage Response Actions for metas displayed in Respond, Investigate, Hosts, and Users views that support context highlights.
-
Perform Quick Actions on the applicable meta and post the meta with additional information to the connector for taking further actions.
For more information on how to create and manage the Response Actions, see Create and Manage Response Actions. For more information on how to add parameters and post the parameters with meta to the connector, see Response Actions and Quick Actions Use Case Examples.
RBAC Permissions for Response Actions
-
You can view the Response Actions configured in the Response Actions view only if you have response-actions-server.actiondefinition.read permission.
-
You must have response-actions-server.actiondefinition.manage permission to create, edit, clone, delete, enable, and disable the Response Action.
-
You must have response-actions-server.history.read permission to view the Response Action history.
-
You must have response-actions-server.actiondefinition.execute permission to execute any response actions.
For more information, see How Role-Based Access Control Works topic in the System Security and User Management Guide for 12.4.
Workflow
The following figure shows the high-level NetWitness Response Actions workflow process.
For more information on the workflow, see Response Actions and Quick Actions Use Case Examples.
Response Actions Server
In 12.4 version, the new service Response Actions Server is introduced in the 
