The action that you define when creating an automation rule is triggered when an alert matches the rule's condition.
You can configure the following types of actions:
Choose one of the options to receive notifications to keep up with alerts.
Alert and Incident Management
Assign the incident that is linked to the alert.
Set alert status
Alert Status: Select an alert status to override the present status of the alert.
Set alert severity
Alert Severity: Select an alert severity to override the present severity of the alert.
Select the triage configuration from the list.
Run endpoint script
Run the action on.
Isolate endpoint/Run malware scan
Run the action on.
Retrieve File from.
Terminate Causality (CGO)
Select this option to terminate the causality chain of processes associated with the alerts of the automation rule.
Stop processing after this rule
If the current rule is triggered, it is the last rule to be processed.