MDR

Response Actions

Response Actions gives you a list of every action that a SOC Analyst has taken in your environment, based on data gathered from investigations or hunts.

On this page, you also have several filtering options and additional information for each action.

(Screenshot: MDR Response Actions page)
  • Action Number - the unique identifier of each action in this environment.

    Note

    Click any action number to display additional information.

  • Action date - timestamp of when the action was taken.

  • Action - indicates which action was taken by the SOC team.

    These actions may include:

    • Stop process - Our experts will terminate a process that they have determined is malicious.

    • Block file - Our experts will block a malicious executable from running on the host.

    • Block port - Our experts will block the host from exchanging network traffic on one or more network ports that they have determined present a risk. For example: port 80 or 443.

    • Block IP - Our experts will block the host from exchanging network traffic with one or more IP addresses that they have determined are malicious.

    • Isolate host - Our experts will disconnect the host from the network so that it can no longer initiate or accept connections with other systems.

    • Delete file - Our experts will delete a file that they have determined is malicious.

    • Quarantine file - Our experts will move a suspicious file to a quarantine folder so that it cannot be used accidentally. The file will not be deleted.

  • Summary - displays the summary of the action, showing information such as which endpoint or which file was affected.

  • Source - the SOC effort (the investigation or the hunt) that resulted in this action. This item links back to the investigation or hunt for more information.