Actions - the action taken by the SOC team

Details - a brief description of the action

Notes - a field to add notes for the SOC team

Stop process - Our experts will terminate a process that they have determined is malicious.

Block file - Our experts will block a malicious executable from running on the host.

Block port - Our experts will block the host from exchanging network traffic on one or more network ports that they have determined a present risk. For example: port 80 or 443.

Block IP - Our experts will block the host from exchanging network traffic with one or more IP addresses that they have determined are malicious.

Isolate host - Our experts will disconnect the host from the network so that it may no longer make or receive connections with other systems.

Delete file - Our experts will delete a file that they have determined is malicious.

Quarantine file - Our experts will move a suspicious file to a quarantine folder so that it cannot be used accidentally. The file will not be deleted.