Simple Response Configuration Guide (Beta)
This document is currently being developed for early access customers.
Simple responses support automation of common security activities. For instructions on how to configure a specific response, click a link in the Simple Response column. For more information about simple responses, see Get Started with Simple Responses.
Simple Response | Description |
---|---|
Alert Logic WAF: Block External IP Address | Block the IP address of an attacker with the Alert Logic web application firewall (WAF). |
AWS WAF IP Set: Block External IP Address | Add the attacker IP address to an AWS WAF (web application firewall) IP set that controls access to a protected Amazon CloudFront distribution or regional application. |
Fortinet FortiGate: Block External IP Address | Block the IP address of an attacker with Fortinet FortiGate. |
Palo Alto NGFW: Block External IP Address | Block the IP address of an attacker with Palo Alto NGFW. |
Amazon EventBridge: Send Message | Send events to Amazon EventBridge for serverless infrastructure such as AWS Lambda. |
Amazon SNS: Send Message | Send an incident through Amazon SNS to endpoints subscribed to an Amazon SNS topic, as a text message, or to a mobile platform endpoint. |
AWS IAM: Disable User | Disable the Amazon Web Services (AWS) IAM access key of a user that is the victim of an attack. |
Microsoft Active Directory: Disable User | Disable the Microsoft Active Directory (AD) account of a user that is the victim of an attack. |
Microsoft Azure Active Directory: Disable User | Disable the Microsoft Azure AD account of an Azure AD or Office 365 user that is the victim of an attack. |
Microsoft Defender for Endpoint: Isolate Host | Isolate the host of a user that is the victim of an attack with Microsoft Defender for Endpoint. |
SentinelOne: Isolate Host | Isolate the host of a user that is the victim of an attack with SentinelOne. |