Configure Simple Response for Alert Logic XDR: Isolate Managed Host
The Simple Response for XDR Managed Host Isolation uses your XDR data by forwarding chosen incident types to the Alert Logic Security Operations Center (SOC), which then reviews the incidents and, where warranted, isolates the hosts in question through the Alert Logic XDR Agent.
(Optional) Create an exclusion list
If you want your automation to exclude specific hosts, the hosts must be defined in one or more exclusion lists. For example, you can create a list of your security team's computers so that the automation never locks them out. During the simple response creation process, a step is available to apply exclusion lists to your automation. If a list you want to apply does not exist already, use the instructions in Exclusions to create it now.
Choose the response
- In the Alert Logic console, click the navigation menu icon, click Respond, click Automated Response, and then click Simple Responses.
- Click the add icon, and then, under Fortra XDR: Fortra agent managed containment, click START.
- Enter a name, and then continue to click Next, leaving all settings at their defaults.
The Alert Logic SOC will now automatically isolate hosts that fire critical XDR incidents.
(Optional) Apply exclusions
If you want to exclude hosts from the response, in Exclusion List(s), select one or more lists that define the exclusions. If necessary, create the exclusion lists on the Exclusions page first, and then return to this step. For more information, see Exclusions.
After you select one or more lists, or if you want to skip this step, click NEXT.