Overview of McAfee Active Response McAfee® Active Response is an endpoint detection and response tool that finds and responds to advanced threats. Through early detection of suspicious activity or indicators of prior attacks, endpoint administrators and incident responders can use Active Response to quickly and effectively deal with security breaches. What is Active Response? By providing information about potentially malicious processes, Active Response reduces the resources needed to detect risks from unknown processes running on endpoints. By integrating file reputation, Active Response allows you to act on shared threat intelligence with simplified workflows. You can take quick corrective actions to remediate a threat, and adapt protection measures against future attacks. Active Response brings together McAfee® Threat Intelligence Exchange (TIE) and McAfee® Data Exchange Layer (DXL). Together they provide global threat information with locally collected, customer-specific intelligence that can be shared, allowing multiple security solutions to operate as one. Together Active Response, Threat Intelligence Exchange, and Data Exchange Layer narrow the gap from encounter to containment for advanced targeted attacks from days, weeks, or months down to seconds. Key features of Active ResponseActive Response displays potential threats ranked by risk, so you can investigate, correct, and adapt with a single-click action. Use near real-time searches and hunting flows based on collectors, triggers, and reactions. Collectors and reactions can be customized and used with the defaults. How Active Response worksActive Response is composed of a cloud service, the server, a set of extensions, and endpoint clients.