Response actions

The response actions can be launched in one of the following ways:

• Manually, as described in this section.
• Within a playbook.

  In this case, when creating or editing a playbook you can configure the response action to run automatically, or to request the user's manual approval before launching within the playbook. By default, manual approval of response actions is disabled.

In this section Terminating processes Moving devices to another administration group Running a malware scan Viewing the result of the malware scan Updating databases Moving files to quarantine Changing authorization status of devices Viewing information about KASAP users and changing learning groups Responding through Active Directory Responding through KATA/KEDR Responding through UserGate Responding through Ideco NGFW Responding through Ideco UTM Responding through Redmine Responding through Check Point NGFW Responding through Sophos Firewall Responding through Continent 4 Responding through SKDPU NT Responding through FortiGate Viewing response history from alert or incident details

Page top