Predefined Automations
This topic lists predefined automations available in the system. It provides links to automation actions triggered by various security detections and events.
Playblocks has these predefined automations:
Block attacking IP with malicious reputation identified by IPS
Quarantine compromised Endpoint Security device (enforced by Firewall)
Quarantine potentially infected Endpoint Security device (enforced by Firewall)
Block malicious file indicator identified by Threat Extraction Endpoint Security
Block malicious file indicator identified by Threat Emulation Endpoint Security
Block malicious file indicator identified by Anti-Bot Endpoint Security
Block malicious URL indicator identified by Anti-Bot Endpoint Security
Block malicious indicator identified by Zero Phishing Endpoint Security
Isolate compromised Endpoint Security device (enforced by Endpoint)
Isolate potentially Infected Endpoint Security device (enforced by Endpoint)
Isolate potentially infected SentinelOne device (enforced by Endpoint)
Isolate potentially infected CrowdStrike device (enforced by Endpoint)
Quarantine potentially infected SentinelOne device (enforced by Firewall)
Isolate potentially infected Microsoft Defender device (enforced by Endpoint)
Quarantine potentially infected Microsoft Defender device (enforced by Firewall)
Credentials leakage detected by External Risk Management triggering reset password
Quarantine potentially infected CrowdStrike device (enforced by Firewall)
Notify on failure of Policy Installation on Check Point Firewall
Notify on degradation in Check Point Firewall Compliance status
Notify on successful Policy Installation on Check Point Firewall
Notify on failure of installation of blades updates on Check Point Firewalls
Notify on successful installation of blade updates on Check Point Firewalls
Alert on VPN certificates expiration on Check Point Firewall
Notify on non-compliant devices blocked by Identity and Trust
Notify on Endpoint Security client uninstall password change
Release machine from isolation via Microsoft Defender (by XDR)
Alert on access to malicious site detected by Endpoint Security
Alert on password reuse attempt detected by Endpoint Security
Alert on the outdated Endpoint Security Static Analysis capability
Alert on the outdated Endpoint Security Offline Reputation capability
Alert on outdated Endpoint Security Behavioral Guard capability
Alert if the device is not scanned by the Endpoint Security Anti-Malware capability
Add malicious file indicator Identified by CrowdStrike to IoC feed
Add malicious file indicator Identified by SentinelOne to IoC feed
Add malicious file indicator Identified by Microsoft Defender to IoC feed