The repetitive nature of response tasks is one of the biggest causes of fatigue and burnout among Incident Responders. Anyone who’s been on-call on a Security team can remember how many hours they’ve spent opening the same tabs, clicking the same buttons, copy+pasting the same indicator data, and performing other similar tasks repeatedly. Imagine if that time were spent building stronger detection capabilities instead, or even better, on taking a break from the screen and going out for a walk! While this can be solved by outsourcing the frontline response capabilities, doing so can be costly: it takes time and money to identify a proficient vendor, obtain approvals, and finalize the contract, on top of the financial cost of the service… What if I told you that at Segment we built this capability with an open-source tool, in the same amount of time it would take a team to do all of the above, with the time and resources of a single full-time security engineer? Welcome to the story of our Response Automation journey!