An Action in S4E is a prebuilt, scheduled, or AI-based security service that runs independently to automate remediation, monitoring, and response tasks. Actions are available in the Library and can be assigned to your environment through the My List section.
How Actions Work
Actions are prebuilt security services maintained in the S4E Action Library. The workflow is:
- Browse the Action Library to find relevant actions for your environment.
- Assign an action to your account by configuring its execution parameters.
- Activate the action from your My List to start running it.
- Monitor results and execution history.
Action Library
Navigate to Actions > Library in the left sidebar to browse all available actions. The library page shows:
- A subtitle: "Browse prebuilt security actions, review their purpose and expected output, then run or assign the ones that fit your environment."
- Search and Assignment filters to find specific actions.
Action Card
Each action is displayed as a card containing:
| Field | Description |
|---|---|
| Name | The action name (e.g., "Accessibility Alert for Internal Asset", "AI Asset Classifier"). |
| Status | Active or inactive indicator. |
| Estimated time | How long the action takes to execute (e.g., 2 minutes, 5 minutes). |
| Usage Count | How many times the action has been used across the platform. |
| Execution | The execution type (e.g., Scheduled). |
| Description | What the action does and how it works. |
| Benefit | Why this action is useful for your environment. |
| Expert Comment | Additional insights from security experts (expandable). |
| Sample Output Preview | Example of the output the action produces (expandable). |
Actions that have already been assigned show a See Results button instead of the Assign button.
Assigning an Action
Click Assign on an action card to configure and add it to your account. There are two assignment types:
Time Interval Based
For actions that run on a recurring schedule:
- Set the Time Interval (in days) -- e.g., "1" for daily execution.
- Optionally provide Custom Parameters in JSON format.
- Review Suggested Custom Parameters for guidance on available options (e.g., assets, CIDR ranges, prefixes).
- Click Assign.
Scan Based
For actions that are triggered by a specific scan:
- Use the Search by Scan dropdown to find and select a scan tool.
- The action will execute whenever the selected scan runs.
- Click Assign.
My List
After assigning an action, it appears in Actions > My List. This is your personal list of assigned actions.
The My List page shows:
| Column | Description |
|---|---|
| Action | The name of the assigned action. |
| Status | Current status (e.g., Pending Approval, Active, Inactive). |
| Execution | How the action runs (e.g., Scheduled, Every 1 day). |
| Last Run Date | When the action last executed. |
Use the Search and Status filters to find specific actions.
Action Menu
Click the three-dot menu on any action in My List to access:
| Option | Description |
|---|---|
| Activate / Disable | Toggle the action on or off. Active actions show Disable; inactive actions show Activate. |
| Update | Modify the action's parameters or schedule. |
| Test Run | Execute a one-time test run to verify the action works correctly. |
| Show History | View the execution history and past results. |
| View in Library | Go back to the action's card in the Library. |
What's Next?
- Triggering Actions -- Assign and activate actions.
- AI Actions -- AI-generated remediation actions.
- Action History -- View action execution history.