Predefined Automations

Infinity Playblocks has these predefined automations:

• Block attackers upon IPS detection of popular attacks

• Block common scanner identified by IPS

• Block attacking IP with malicious reputation identified by IPS

• Block attacking IP with malicious reputation identified by CloudGuard WAF

• Quarantine compromised Harmony Endpoint device (enforced by Gateway)

• Quarantine potentially infected Harmony Endpoint device (enforced by Gateway)

• Block malicious IOC identified by Harmony SASE

• Block malicious indicator identified by Anti-Bot

• Block malicious indicator identified by Anti-Virus

• Block malicious indicator identified by Harmony Email & Collaboration

• Block malicious indicator identified by Zero Phishing

• Isolate compromised Harmony Endpoint device (enforced by Endpoint)

• Isolate potentially Infected Harmony Endpoint device (enforced by Endpoint)

• Isolate potentially infected SentinelOne device (enforced by Endpoint)

• Isolate potentially infected CrowdStrike device (enforced by Endpoint)

• Quarantine potentially infected SentinelOne device (enforced by Gateway)

• Isolate potentially infected Microsoft Defender device (enforced by Endpoint)

• Quarantine potentially infected Microsoft Defender device (enforced by Gateway)

• Repeated Remote Access login failures using password-only

• Repeated Remote Access login to expired accounts

• Remote Access user login using password-only Authentication

• Block DDoS attack detected by DDoS Protector

• Quarantine potentially infected CrowdStrike device (enforced by Gateway)

• Notify on Expert Shell Login

• Notify on Run Script execution

• Notify on failure of Policy Installation on Quantum Gateway

• Notify on degradation in Quantum Compliance status

• Notify on successful Policy Installation on Quantum Gateway

• Notify on failure of Policy Installation on Quantum Gateway

• Notify on changes in administrators

• Alert on MTA email bypass

• Notify on Quantum Management validations

• Notify on Management High Availability Change-Over

• Notify on repeated login failures to Quantum Management

• Notify on high rate of blocked connections

• Notify on failure of installation of blades updates on Quantum Gateways

• Notify on successful installation of blade updates on Quantum Gateways

• Alert on licenses expiration on Quantum device

• Alert on VPN certificates expiration on Quantum Gateway

• Alert if VPN Tunnel is down

• Alert if no communication with Quantum Gateway

• Block external IP

• Isolate Endpoint device

• Quarantine internal IP

• Enforce Policy on newly discovered IoT Zone

• IoT Device is at risk

• Notify on Harmony Endpoint client uninstall password change

• Notify on bulk uninstallation of Harmony Endpoint clients

• Notify on repeated login failures to user Windows device

• Reset User Password in Identity Provider

• Delete file on Harmony Endpoint device

• Terminate process on Harmony Endpoint device

• Scan Harmony Endpoint Device

• IOC Management - New indicator

• IOC Management - Delete indicator

• Stop and quarantine file via Microsoft Defender

• Scan machine via Microsoft Defender

• Isolate machine via Microsoft Defender (by XDR/XPR)

• Release machine from isolation via Microsoft Defender (by XDR/XPR)

• Stop and quarantine file via Microsoft Defender (by XDR/XPR)

• Handle SD-WAN Link Swap ISP Down

• Open ticket

• Close ticket

• Get ticket

• Open ticket and notify

• Alert on ransomware attack detected by Harmony Endpoint

• Alert on a phishing attempt detected by Harmony Endpoint

• Alert on malicious file detected by Harmony Endpoint

• Alert on access to malicious site detected by Harmony Endpoint

• Alert on password reuse attempt detected by Harmony Endpoint

• Alert on exploit attempt detected by Harmony Endpoint

• Alert on the outdated Harmony Endpoint Static Analysis capability

• Alert on the outdated Harmony Endpoint Offline Reputation capability

• Alert on outdated Harmony Endpoint Behavioral Guard capability

• Alert on disconnected Harmony Endpoint clients

• Alert on Harmony Endpoint Compliance warnings

• Alert on device restrictions by Harmony Endpoint

• Alert on outdated Harmony Endpoint Anti-Malware

• Alert if the device is not scanned by the Harmony Endpoint Anti-Malware capability

• Alert on Harmony Endpoint Anti-Malware license expiration

• Alert on Harmony Endpoint deployment failure

• Alert if Harmony Endpoint client capabilities stop running

• Add malicious file indicator Identified by CrowdStrike to IOC feed

• Add malicious file indicator Identified by SentinelOne to IOC feed

• Add malicious file indicator Identified by Microsoft Defender to IOC feed