Create an Incident Response scenario to decrease the number of objects in a Box contract

Defender 2.0 allows you to target and activate on-chain activity using Incident Response scenarios quickly. This tutorial shows how to create a scenario that monitors the number of objects in a Box contract and executes an action when an object is added to it.

Pre-requisites

  • OpenZeppelin Defender 2.0 account. You can sign up to Defender 2.0 here.

1. Action setup

In this tutorial, you will monitor this contract in Goerli, which stores a number of objects while allowing anyone to add or remove objects using the addObject() and removeObject() functions respectively. For every object added, your scenario will execute an action that removes an object and decreases the total by one. To set up the action, follow these steps:

  1. Open Defender 2.0 Manage Relayers in a web browser.

  2. Fill the form with the following parameters and click on Create:

    • Name: Relayer Goerli

    • Network: Goerli

  3. Transfer some Goerli ETH to the relayer address created in the previous step.

  4. Navigate to Defender 2.0 Address Book to import the BoxV2 contract.

  5. Fill the form with the following parameters and click on Create:

    • Name: BoxV2

    • Network: Goerli

    • Address: 0x7A99C479775C945C2Ea4CF6986425de1d816DaE4

  6. Navigate to Defender 2.0 Incident Response Transaction Template creation page.

  7. Fill the General Information section with the following parameters:

    • Name: Remove object

    • Contract: BoxV2

  8. Select the removeObject function from the dropdown menu in the Function section.

  9. Expand the dropdown on the Approval Process section and click on Create Approval Process.

  10. Fill the form with the following parameters and click on Save Changes:

    • Name: BoxV2 IR Sender

    • Relayer: Relayer Goerli (created in the first step)

  11. Select BoxV2 IR Sender as the approval process and click on Save Transaction Template

    Incident Response page with Transaction Template

2. Scenario setup

With the action configured, you now need to create the scenario. To do so, follow these steps:

  1. Open the Defender 2.0 Incident Response scenario creation page.

  2. Rename the scenario Remove from BoxV2 if Object is Added.

  3. Drag the Remove object action to the first row.

  4. Click on Save.

    Incident Response BoxV2 scenario

3. Monitor setup

After creating the scenario, you need to configure a monitor that keeps track of the number of objects in the BoxV2 contract to trigger the scenario. To do so, follow these steps:

  1. Open the Defender 2.0 Monitor creation page.

  2. Fill the General Information section with the following parameters:

    • Name: BoxV2 Objects Monitor

    • Risk Category: Suspicious Activity

    • Contract: BoxV2

    • Confirmation Blocks: Confirmed (1 blocks)

    Incident Response Monitor General Information
  3. In the Transaction Filters section, add status == "success" for the Transaction properties field.

  4. In the Function section, select addObject()

  5. Within the Alerts section, select the Remove from BoxV2 if Object is Added scenario for the Execute an Incident Response Scenario option.

    Incident Response BoxV2 Objects monitor
  6. Click on Save Monitor, which will start running.

4. Seeing it in action

While the monitor runs, it will detect any transaction that matches the addObject() function to trigger the Incident Response scenario. To manually execute such a transaction, follow these steps:

  1. Open the Defender 2.0 Transaction Proposal creation page.

  2. Fill the form with the following parameters:

    • Name: BoxV2 Add Object Trigger

    • Contract: BoxV2

    • Function: addObject

    • Approval Process: BoxV2 IR Sender

  3. Click on Submit Transaction Proposal.

    Transaction Proposal Trigger
  4. Click on the transaction proposal to open its page.

  5. Click on the top-right button Approve and Execute to execute the transaction, which will trigger the Incident Response scenario through the monitor.

  6. Wait for the transaction to be executed and open the Defender 2.0 Incident Response Scenarios page.

    Incident Response Active Scenario
  7. Click on View Active Run and check the details of your scenario response.

  8. After the run is executed successfully, you can verify the response by checking the activity of the contract on Etherscan. It should look like this:

    Incident Response Etherscan Response

Next steps

Congratulations! You now have a complete Incident Response scenario that will be running and checking every confirmed block. Scenarios can be expanded with parallel actions for more technical combinations. In case you are interested in advanced use cases, we are working on Incident-Response-related guides.