MDR

Pre-approved Actions

On the Pre-approved Actions page, you can enable the SOC team to take certain actions without explicit approval, whenever needed.

The page displays the following information:

  • Actions - the action taken by the SOC team

  • Details - a brief description of the action

  • Notes - a field to add notes for the SOC team

The following pre-approved actions are available:

  • Stop process - Our experts will terminate a process that they have determined is malicious.

  • Block file - Our experts will block a malicious executable from running on the host.

  • Block port - Our experts will block the host from exchanging network traffic on one or more network ports that they have determined present a risk. For example: port 80 or 443.

  • Block IP - Our experts will block the host from exchanging network traffic with one or more IP addresses that they have determined are malicious.

  • Isolate host - Our experts will disconnect the host from the network so that it may no longer make or receive connections with other systems.

  • Delete file - Our experts will delete a file that they have determined is malicious.

  • Quarantine file - Our experts will move a suspicious file to a quarantine folder so that it cannot be used accidentally. The file will not be deleted.