Once we receive an Alarm indicating that an attack is in progress, we can trigger automatic responses that perform actions related to (or against) that attack. Responding in real time this way saves administrators time.
Responses raise predefined Actions such as sending an email, blocking the connection at the firewall level, or disabling a switch port. These actions use a set of variables such as SRC_IP and DATE, which are substituted in real time whenever a response uses the action.
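Because a value such as SRC_IP is taken from the traffic that raised the alarm, it should be validated before it is substituted into an action. The following is an added example, not code from the product described here; the bare-token placeholder syntax, the action templates, the protected network list and the function names are all assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed action templates. SRC_IP and DATE are the variable names from the
# text; the bare-token placeholder syntax and the commands are assumptions.
BLOCK_ACTION = ["iptables", "-I", "INPUT", "-s", "SRC_IP", "-j", "DROP"]
MAIL_SUBJECT = ["Alarm: attack from SRC_IP at DATE"]

# Constructed list of networks an automatic block must never touch.
PROTECTED = [ipaddress.ip_network("192.0.2.0/28")]


def _ip(value):
    # Raises ValueError for anything that is not a literal IPv4/IPv6 address.
    return str(ipaddress.ip_address(value))


def _date(value):
    # Raises ValueError unless the value matches the expected timestamp layout.
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S").isoformat(sep=" ")


VALIDATORS = {"SRC_IP": _ip, "DATE": _date}
TOKEN = re.compile(r"\b(" + "|".join(VALIDATORS) + r")\b")


def render_action(template, alarm):
    """Return template (an argv list) with alarm variables substituted.

    Every value is validated before substitution, and the result stays a list
    so it can be executed without a shell.
    """
    def substitute(match):
        name = match.group(1)
        if name not in alarm:
            raise ValueError(f"alarm has no value for {name}")
        return VALIDATORS[name](alarm[name])

    return [TOKEN.sub(substitute, arg) for arg in template]


def may_block(src_ip):
    """False when the source lies in a protected network (e.g. a spoofed gateway)."""
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in PROTECTED)
```

A response would call `may_block` before running a rendered blocking action, and treat a `ValueError` from `render_action` as a reason to skip the action and log the alarm instead.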
After defining a set of generic actions, we establish a policy for action firing, very similar to the periodization policy.