Scan response action [serverless]

docs/serverless/endpoint-response-actions/response-actions.mdx

@@ -179,6 +179,20 @@ You can follow this with the `execute` response action to upload and run scripts
 The default file size maximum is 25 MB, configurable in `kibana.yml` with the `maxUploadResponseActionFileBytes` setting. You must enter the value in bytes (the maximum is `104857600` bytes, or 100 MB).
 </DocCallOut>
 
+### `scan`
+
+Scan a specific file or directory on the host for malware. The scan uses the <DocLink slug="/serverless/security/configure-endpoint-integration-policy" section="malware-protection">malware protection settings</DocLink> (such as Detect or Prevent options, or enabling the blocklist) as configured in the host's associated ((elastic-defend)) integration policy. Use these parameters:
+
+* `--path` : (Required) The absolute path to a file or directory to be scanned.
+
+Required role: **Tier 3 Analyst**, **SOC Manager**, or **Endpoint Operations Analyst**
+
+Example: `scan --path "/Users/username/Downloads" --comment "Scan Downloads folder for malware"`
+
+<DocCallOut title="Note">
+    Scanning can take longer for directories containing a lot of files.
+</DocCallOut>
+
 <div id="supporting-commands-parameters"></div>
 
 ## Supporting commands and parameters