Agent Client Collector Security Incident Response

  • Release version: Xanadu
  • Updated August 1, 2024

Agent Client Collector Security Incident Response (ACC-SIR) enables you to automate security incident enrichment data collection and response actions using the Agent Client Collector. This functionality is measured by the Security Operations Security Incident Response (SIR).

Note:
Agent Client Collector Security Incident Response is no longer supported. For details on replacement options, see the Deprecation guidance for Agent Client Collector Security Incident Response [KB2249776] article in the Now Support Knowledge Base.

Select from a list of actions (capabilities) that come with the base system to run on security incidents. The Agent Client Collector Security Incident Response functionality uses the util.command.agent and util.osquery.agent check definitions (run by the Agent Client Collector Spoke) to run commands and OS queries on security incidents. Capabilities are part of existing system subflows in the Agent Client Collector Security Incident Response integration app. You can also add customized commands and osquery SQL queries to run on the security incidents.

For details on the plugins installed with Security Incident Response, see Plugins or applications installed with ITOM Health.