Which function is NOT allowed for the RTR Active Responder role?

The function that is not allowed for the RTR (Real Time Response) Active Responder role is the ability to create custom scripts. The RTR Active Responder role is designed to provide capabilities focused on responding to incidents in real-time rather than developing new responses. Users with this role can execute and run predefined commands and scripts, allowing them to interact with endpoints for investigation and remediation purposes. However, creating new scripts typically falls outside the scopes of this role.

In contrast, the ability to modify devices, run existing custom scripts, and extract files are functions that align with the primary responsibilities of the Active Responder role, which emphasizes immediate action against threats rather than the development of new tools or scripts. This distinction is important to ensure that users in this role maintain a focused approach on incident response while working within the parameters of the tools already provided.