Reactions

Immediate, programmable responses to security detection events.

Reactions transform Jibril from a passive monitoring tool into an active security defense system. When security events are detected, reactions can automatically execute custom code to respond, remediate, or gather additional intelligence.

📚 Documentation Structure

This directory contains comprehensive documentation for Jibril's Reactions feature:

Core Documentation

  • Overview - Introduction to reactions and how they work

  • JavaScript API - Complete reference for all available helper functions

  • Configuration - How to configure reactions in detection recipes

Practical Guides

Performance & Security

  • Performance - Optimization guidelines and considerations

  • Security - Security implications and safe usage patterns

🚀 Quick Start

  1. Start with the Overview to understand what reactions are and how they work

  2. Review Examples to see practical implementations

  3. Use the JavaScript API as a reference while building reactions

  4. Follow Best Practices for secure and efficient implementations

🔧 Key Capabilities

  • Process Management: Terminate malicious processes automatically

  • Network Policy: Block IPs and domains in real time

  • File Operations: Read configurations and write forensic evidence

  • Data Persistence: Track incidents across reaction executions

  • Emergency Actions: System shutdown and kernel panic in critical situations

Reactions provide powerful automation capabilities while maintaining strict security boundaries and taking performance considerations into account.
