Autonomous Response Actions (supported tools)
- Isolate Host - CrowdStrike, SentinelOne, Microsoft, WatchGuard, Aurora, TrendAI
- Lift Host Containment - CrowdStrike, SentinelOne, Microsoft, WatchGuard, TrendAI
- Blocklist File - CrowdStrike, SentinelOne, TrendAI
- Kill Process - SentinelOne
- Quarantine File - SentinelOne, Microsoft, WatchGuard, Aurora
- Email Automations - Sublime, Mimecast
- Revoke Session - Microsoft Entra
- Disable User - Microsoft Entra
- Enable User - Microsoft Entra
- Automatic Ticket Creation - Jira, ServiceNow, PagerDuty, SolarWinds, Freshdesk, Zendesk, HaloPSA

Automated Response Configuration
Each response action includes three possible configuration states:
- Automated - Response action is performed at the time the case is created
- Analyst Approved - Analysts can manually perform the action in the platform by clicking Resolve
- Approval Required - A red tag next to the response action notifies the analyst that they need to request approval from the end customer