Actions - the action taken by the SOC team

Details - a brief description of the action

Notes - a field to add notes for the SOC team

Stop process. Our experts will terminate a process that they have determined is malicious.

Block file. Our experts will block a malicious executable from running on the host.

Block port. Our experts will block the host from exchanging network traffic on one or more network ports that they have determined a present risk. For example: port 80 or 443.

Block IP. Our experts will block the host from exchanging network traffic with one or more IP addresses that they have determined are malicious.

Isolate host. Our experts will disconnect the host from the network so that it may no longer make or receive connections with other systems.

Delete file. Our experts will delete a file that they have determined is malicious.

Quarantine file. Our experts will move a suspicious file to a quarantine folder so that it cannot be used accidentally. The file will not be deleted.

Delete email. Our experts will delete an email message from the inbox after they have determined the message is malicious.

Disable user. Our experts will disable the user's ability to log in after determining their is malicious activity associated with the account.

Mark user as compromised. Our experts will mark the user as compromised in Active Directory. This action is only available for customers with the Microsoft E5 level license.

Response shell. Our experts may have access to run commands on the endpoint in order to investigate or mitigate malicious activity.

Force user credentials reset. After determining an account may be misused, our experts will set the account so the user must reset their password on the next login.

XDR for MDR Productivity

XDR for MDR Identity