Simple Response Configuration Guide

Simple responses support automation of common security activities. For instructions on how to configure a specific response, click a link in the Simple Response column. For more information about simple responses, see Get Started with Simple Responses.

Simple Response Description
Alert Logic WAF: Block External IP Address Block the IP address of an attacker with the Alert Logic web application firewall (WAF).
AWS WAF IP Set: Block External IP Address Add the attacker IP address to an AWS WAF (web application firewall) IP set that controls access to a protected Amazon CloudFront distribution or regional application.
Fortinet FortiGate: Block External IP Address Block the IP address of an attacker with Fortinet FortiGate.
Palo Alto NGFW: Block External IP Address Block the IP address of an attacker with Palo Alto NGFW.
AWS IAM: Disable User Disable the Amazon Web Services (AWS) IAM access key of a user that is the victim of an attack.
Microsoft Active Directory: Disable User Disable the Microsoft Active Directory (AD) account of a user that is the victim of an attack.
Microsoft Azure Active Directory: Disable User Disable the Microsoft Azure AD account of an Azure AD or Office 365 user that is the victim of an attack.
Microsoft Defender for Endpoint: Isolate Host Isolate the host of a user that is the victim of an attack with Microsoft Defender for Endpoint.
SentinelOne: Isolate Host Isolate the host of a user that is the victim of an attack with SentinelOne.