When creating the automation rule, the action is triggered when an alert matches the condition of the automation rule.
You can configure the following types of actions:
| Action | Settings |
|---|---|
| Communication | Choose one of the options to receive notifications to keep up with alerts. |
| Alert and Incident Management | |
| Assign Incident | Assign the incident that is linked to the alert. |
| Set alert status | Alert Status: select the alert status that overrides the present status of the alert. |
| Set alert severity | Alert Severity: select the alert severity that overrides the present severity of the alert. |
| Forensics | |
| Forensics Triage | Triage Configuration: select the triage configuration from the list. |
| Endpoint Response | |
| Run endpoint script | Run the Action On: select where the action runs. Script: select the script to run. |
| Isolate endpoint/Run malware scan | Run the action on: select where the action runs. |
| Retrieve File | Retrieve File from: select where the file is retrieved from. |
| Terminate Causality (CGO) | Select this option to terminate the causality chain of processes associated with the alert(s) of the automation rule. |
| Stop processing after this rule | If this rule is triggered, it is the last rule to be processed; no further rules are evaluated. |