The action you configure when creating an automation rule is triggered when an alert matches the rule's condition.
You can configure the following types of actions:
Action | Settings |
---|---|
Communication | Choose one of the options to receive notifications to keep up with alerts. |
Alert and Incident Management | |
Assign Incident | Assign the incident that is linked to the alert. |
Set alert status | Alert Status—Select alert status to override the present status of the alert. |
Set alert severity | Alert Severity—Select alert severity to override the present severity of the alert. |
Endpoint Response | |
Run endpoint script | Run the Action On. Script. |
Isolate endpoint/Run malware scan | Run the action on. |
Retrieve File | Retrieve File from. |
Stop processing after this rule | If triggered, the current rule is the last rule to be processed. |