diff --git a/docs/serverless/endpoint-response-actions/response-actions.mdx b/docs/serverless/endpoint-response-actions/response-actions.mdx
index 0229a22c5e..03557d47e6 100644
--- a/docs/serverless/endpoint-response-actions/response-actions.mdx
+++ b/docs/serverless/endpoint-response-actions/response-actions.mdx
@@ -179,6 +179,20 @@ You can follow this with the `execute` response action to upload and run scripts
The default file size maximum is 25 MB, configurable in `kibana.yml` with the `maxUploadResponseActionFileBytes` setting. You must enter the value in bytes (the maximum is `104857600` bytes, or 100 MB).
+### `scan`
+
+Scan a specific file or directory on the host for malware. The scan uses the