Action Connectors
With Radiant’s Action Connectors, you can handle containment and remediation directly within the platform without switching between tools. By adding an Action Connector, you allow specific actions, like isolating a host or resetting a password, to run immediately or via automation right from the Incidents page.
Once an Action Connector is created and enabled, you choose which of its actions to include in a Workflow. When an incident meets your Workflow’s criteria, the exact actions you have selected become available for you to execute, so you remain in full control of the entire process. Most customers trigger actions manually to retain oversight, but you can also configure automated execution as part of the same Workflow.
For example, imagine you’ve added your email gateway connector and included its "Find and soft delete emails" and "Block sender" actions in a phishing Workflow. From then on, every alert classified as phishing will display those two actions as options. Your analyst can click to run them manually, or (if you’ve enabled automatic response) the Workflow will execute them as soon as the alert arrives.
The Action Connectors page
To set up an Action Connector in Radiant or view all supported Action Connectors:
Click the Settings (gear) icon in the navigation menu.
Click Action Connectors.
Click + Add Connector, then select the data source you'd like to connect from the available list.

Configure Action Connectors in your Workflows
Log in to Radiant Security.
In the navigation menu, click Workflows.
Create a new Workflow by clicking + Create Workflow, or edit an existing one.
Click + Add Step, then click Add Workflow Task.

In the Add Task section, select the tasks you want to add.

After selecting the Task Type, choose the Vendor and configure the Advanced Settings:
Auto execute: Automatically runs the action each time the Workflow is triggered.
Requires approval: Notifies you through Email, Slack, or Microsoft Teams to manually approve the action before it runs.
For Wait For, enter how long to wait for a response, then select whether the Workflow should Execute or Stop if that period ends with no response.
For Notification Type, select your preferred notification channels: Email, Slack, or Microsoft Teams.

Click Save.
Toggle to Active to enable the Workflow.
