Pre-approved Actions
On the Pre-approved Actions page, you can enable the SOC team to take certain actions whenever needed, without explicit approval.
The page displays the following information:
Actions - the action taken by the SOC team
Details - a brief description of the action
Notes - a field to add notes for the SOC team
The following pre-approved actions are available:
Stop process - Our experts will terminate a process that they have determined is malicious.
Block file - Our experts will block a malicious executable from running on the host.
Block port - Our experts will block the host from exchanging network traffic on one or more network ports that they have determined present a risk, for example, port 80 or 443.
Block IP - Our experts will block the host from exchanging network traffic with one or more IP addresses that they have determined are malicious.
Isolate host - Our experts will disconnect the host from the network so that it may no longer make or receive connections with other systems.
Delete file - Our experts will delete a file that they have determined is malicious.
Quarantine file - Our experts will move a suspicious file to a quarantine folder so that it cannot be used accidentally. The file will not be deleted.