Using Active Response Use Active Response to search incidents, collect data, trigger reactions, and take action on potential threats in your environment. Receive immediate alerts Active Response and expose suspicious behaviors exhibited by potential threats. Investigate and enable in-depth analysis of processes' activity over time and rank these potential threats. Remediate threats with one-click correction to stop threats and update protection on all endpoints. Using the Threat Workspace The Threat Workspace is where you can see all potential threats on managed endpoints and respond to them. Searching endpoint dataActive Response searches data on your managed endpoints in real time. Collecting endpoint dataActive Response collects real-time data from managed endpoints. Active Response collectors are components that run on managed endpoints, executed by search expressions. Reacting to incidentsActive Response acts on managed endpoints by executing reaction code. Catching threatsActive Response triggers track system activity to detect possible threats. They can be set to catch specific events on managed endpoints and react immediately. Adding custom contentCustom content specifies code or scripts that Active Response clients execute on managed endpoints. Backing up and sharing contentYou can export Active Response content to a file in JSON format. Use the exported file to restore content after a product upgrade or to share your collectors, triggers, and reactions with other Active Response installations. Error codesThese error codes appear in Active Response Search or in Active Response client logs. Use this table to troubleshoot a problem or as reference when contacting product support.