Types of Active Defense – automatic

Automatic measures to enable Active Defense are the tools or systems configured to measure specified data against established baselines. By leveraging automation we can increase the speed at which we go around our OODA loop. These tools should alert the proper teams and automatically mitigate the issue or stop the event based on programmatic logic.

We can think of this as the abilities that a hero's sidekick(s) or partner brings to the fight in movies. These roles are typically the ones that cover the shortfalls of a situation or character. They automatically give a warning when danger is present or will stop a projectile without thinking. But how did they know how to do these things? Sidekicks and partners also have to train with the heroes. In our case, if we can start training and utilizing machine learning and artificial intelligence tools as partners, we will increase our cognizance and be able to anticipate events better.

For example, a security incident event monitoring (SIEM) tool is a means to evaluate possible events through log aggregation. Assuming that the organization has defined what incidents it would like to monitor and the SIEM tool is tuned to measure those incidents, an automated Active Defense mechanism would interface with administrative systems to cut off malicious systems. Now you may say, "well, if an incident has happened then we are reacting to an event that occurred and are not being proactive." Remember that to be proactive in our defenses is to understand the tenets of OPSEC. If we apply OPSEC then we've already identified all of our critical information and systems, our adversaries, and their capabilities, so that we can focus our SIEM resources on monitoring them.
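The two ideas above, measuring aggregated logs against an established baseline and letting programmatic logic decide the response, can be shown in a small script. This is an added illustration, not code from the book or from any SIEM product: the log lines, the baseline history, the critical-host list and the field names (`src`, `host`, `auth`) are all constructed for the example. The OPSEC step shows up as the `CRITICAL_HOSTS` set: the automated "block" decision is only taken for systems the organization identified as critical ahead of time, while everything else is routed to a human as a notification.

```python
"""Baseline-driven detection with an automated response decision.

Added example. All data below is constructed; it is not real SIEM output.
"""
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed, syslog-like events: timestamp, source IP, target host, auth outcome.
SAMPLE_LOGS = """\
2024-01-01T10:00:01Z src=10.0.0.5 host=db01 auth=fail
2024-01-01T10:00:02Z src=10.0.0.5 host=db01 auth=fail
2024-01-01T10:00:03Z src=10.0.0.5 host=db01 auth=fail
2024-01-01T10:00:04Z src=10.0.0.5 host=db01 auth=fail
2024-01-01T10:00:05Z src=10.0.0.5 host=db01 auth=fail
2024-01-01T10:00:06Z src=10.0.0.7 host=db01 auth=fail
2024-01-01T10:00:07Z src=10.0.0.7 host=db01 auth=ok
2024-01-01T10:00:08Z src=10.0.0.9 host=web01 auth=fail
2024-01-01T10:00:09Z src=10.0.0.9 host=web01 auth=fail
2024-01-01T10:00:10Z src=10.0.0.9 host=web01 auth=fail
2024-01-01T10:00:11Z src=10.0.0.9 host=web01 auth=fail
"""

# OPSEC output: critical systems are enumerated before tuning the SIEM, so the
# automated response only acts where the organization decided it matters.
CRITICAL_HOSTS = {"db01", "idp01"}

# Established baseline: failed logins per source per window observed during a
# quiet period (constructed numbers standing in for learned history).
BASELINE_FAILS_PER_SOURCE = [1, 0, 2, 1, 0, 1, 2, 1]


@dataclass(frozen=True)
class Alert:
    src: str
    host: str
    count: int
    threshold: float
    action: str  # "block" for critical hosts, "notify" otherwise


def parse_line(line):
    """Split one 'ts key=value key=value' line into a dict."""
    parts = line.split()
    rec = {"ts": parts[0]}
    for kv in parts[1:]:
        key, value = kv.split("=", 1)
        rec[key] = value
    return rec


def baseline_threshold(history, k=3.0):
    """Mean plus k standard deviations, floored at 1 so a flat history of
    zeros does not alert on a single failure."""
    return max(mean(history) + k * pstdev(history), 1.0)


def count_failures(lines):
    """Aggregate failed authentications per (source, host) pair."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("auth") == "fail":
            counts[(rec["src"], rec["host"])] += 1
    return counts


def evaluate(lines, history, critical_hosts):
    """Compare aggregated counts against the baseline and decide a response.

    Programmatic logic: exceeding the threshold against a critical host yields
    an automatic 'block' decision; against anything else it only notifies.
    """
    threshold = baseline_threshold(history)
    alerts = []
    for (src, host), n in sorted(count_failures(lines).items()):
        if n > threshold:
            action = "block" if host in critical_hosts else "notify"
            alerts.append(Alert(src, host, n, threshold, action))
    return alerts


def run_example():
    return evaluate(SAMPLE_LOGS.splitlines(), BASELINE_FAILS_PER_SOURCE, CRITICAL_HOSTS)


if __name__ == "__main__":
    for a in run_example():
        print(f"{a.action.upper():6} src={a.src} host={a.host} "
              f"fails={a.count} threshold={a.threshold:.2f}")
```

With the constructed data the threshold works out to roughly 3.12 failures per window: the five failures from 10.0.0.5 against the critical host `db01` produce a block decision, the four against `web01` only a notification, and the single failure from 10.0.0.7 stays below the baseline. The same structure carries over to a real deployment, where `evaluate` would be fed by the aggregation layer and the block decision handed to whatever administrative system enforces it.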
