Automation Settings - Administrator Guide - Cortex XDR - Cortex - Security Operations

Isolate endpoint on up to _ endpoints in _ hour/s

When an alert condition is triggered, and the action specified is to isolate the endpoint, the limit threshold defined enables the set number of endpoints to be isolated for the period of time defined. This is to prevent an overflow of endpoints isolated from the network at the same time.

If the setting is turned off, there is no threshold for the isolation of endpoints.

Run endpoint script on up to _ endpoints in _ hour/s

When an alert condition is triggered, and the action specified is to run the endpoint script, the limit threshold defined enables the set number of endpoints to run the script for the period of time defined. This is to prevent an overflow of endpoints running scripts at the same time.

If the setting is turned off, there is no threshold for the running scripts on the endpoints.

Terminate Causality (CGO) on up to _ endpoints in _ hour/s

When an alert condition is triggered, and the action specified is to terminate causality, the limit threshold defined enables the set number of endpoints to terminate the causality chain of processes for the period of time defined. This is to prevent an overflow of endpoints terminating causality chain of processes at the same time.

If the setting is turned off, there is no threshold for terminating causality on the endpoints.

Forensic Triage on up to _ endpoints in _ hour/s

When an alert condition is triggered, and the action specified is set to Forensic Triage, the limit threshold defined enables the set number of endpoints to triage for the period of time defined. This is to prevent an overflow of endpoints to triage at the same time.

If the setting is turned off, there is no threshold for the running scripts on the endpoints.

Distribution List

Enter the email of the people to notify

Slack

Enter the slack contact to notify.