Response Actions

The Response Actions page lists every action a SOC analyst has taken in your environment as a result of an investigation or a hunt.

The page also offers several filter options and shows the following details for each action:

  • Action Number - the unique identifier of the action within this environment.

    Click an action number to display additional details about that action.

  • Action date - the time at which the action was taken.

  • Action - indicates which action was taken by the SOC team.

    These actions may include:

    • Stop process - Our experts will terminate a process that they have determined is malicious.

    • Block file - Our experts will block a malicious executable from running on the host.

    • Block port - Our experts will block the host from sending or receiving network traffic on one or more network ports that they have determined present a risk, for example port 80 or 443.

    • Block IP - Our experts will block the host from exchanging network traffic with one or more IP addresses that they have determined are malicious.

    • Isolate host - Our experts will disconnect the host from the network so that it can no longer initiate or accept connections with other systems.

    • Delete file - Our experts will delete a file that they have determined is malicious.

    • Quarantine file - Our experts will move a suspicious file to a quarantine folder so that it cannot be run or opened accidentally. The file is not deleted.

  • Summary - a short description of the action, including details such as which endpoint or which file was affected.

  • Source - the SOC effort (the investigation or the hunt) that resulted in this action. This entry links back to that investigation or hunt for more information.