The Active Response feature within OSSEC can run applications on an agent or server in response to certain triggers. These triggers can be specific alerts, alert levels, or rule groups.
The active response framework is also what allows an OSSEC administrator to start a syscheck scan or restart OSSEC on a remote agent.