# Response Actions in Cases

Radiant Cases allow you to take direct action on the key artifacts associated with an attack. Rather than switching between external tools, you can execute response actions, such as blocking URLs, disabling users, or isolating endpoints, directly from the case view.

For a complete list of available response actions and their requirements, see the [Radiant Response Actions](https://help.radiantsecurity.ai/radiant-cases/radiant-cases/response-actions) guide.

### Prerequisites

* [ ] The relevant [Action Connectors](https://help.radiantsecurity.ai/radiant-cases/radiant-cases/broken-reference) (e.g., Okta, CrowdStrike OAuth2, Microsoft O365) must be configured and enabled.

### Execute a response action

Response actions are organized by key artifact type (Users, IPs, URLs) within the case **Overview** tab. You can act on a single artifact or perform bulk actions on multiple items at once. 

To execute a response action:

1. Navigate to the **Overview** tab of your case. 
2. Locate the relevant artifact table (e.g., Source IP) and check the box next to the specific items you want to target.

{% hint style="info" %}
**Note:** You must select at least **one artifact** to enable the action buttons.
{% endhint %}

3. Click the appropriate action button located at the top-right of the table (e.g., Block IP address).
4. A confirmation modal will appear listing the specific artifacts you are about to impact. Review the list carefully, then click the confirmation button (e.g., **Block IP** address) to execute.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FkAbuuicSyEGuZOT4rczA%2Fresponse-action-table.png?alt=media&#x26;token=eb6cd62c-3dc4-4f1d-a24b-fab0290cf393" alt="" width="563"><figcaption></figcaption></figure></div>

### Verify action status

Once an action is initiated, Radiant provides real-time feedback directly in the artifact table so you can track its progress.

* Look at the **Actions taken** column in the artifact row. It will update immediately to reflect the current state (e.g., Taking action: Enable User or Error: Enable user).
* For more detail, click the row or the side-drawer icon. The **Response** tab in the artifact drawer shows a complete **Action history**, including who executed them, when they occurred, and their final result.

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FB9R4R20kGv6WpDzMUpv6%2Fresponse-action-artifact-drawer.png?alt=media&#x26;token=f1042501-429d-4fe2-93f2-842ec997b258" alt="" width="375"><figcaption></figcaption></figure></div>

### Reverse an action

If you need to **undo** a remediation step (for example, re-enabling a user after an investigation clears them), you can often do so directly from the same view.

1. Select the artifact again.
2. Look for the **inverse action button** in the header (e.g., Enable user vs. Disable user).
3. Confirm the action to restore the original state.

{% hint style="warning" %}
**Important note:** Not all actions are reversible (e.g., hard deleting data). Always verify your selection in the confirmation modal before proceeding.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-cases/radiant-cases/response-actions-in-cases.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.