A reaction where the system, either automatically or in coordination with the user, obstructs or impacts the advancement of a recognized attack.
Active response can take one of three forms: modifying the environment, gathering more data, or counterattacking the threat actor. The key aspect is that the system does not passively monitor, but actively engages with the attack.