Automations

In the Automations page, you can configure XDR (Extended Detection & Response) to take prevention actions automatically when an incident is generated with a specified confidence and severity. Currently, the automatic response supports only adding indicators to IoC Management.

For example, you can configure an automatic response so that all IoCs with severity High or above are added to IoC Management with the Enabled status.

Notes:

  • By default, XDR automatically adds all the indicators to IoC Management with the Disabled status.

  • For the tenants created from July 23, 2023 onwards, the Legacy IoC Management is disabled and only the New IoC Management is supported.

To configure an automatic response:

  1. Go to Policy > Automations.

  2. Enable the toggle button.

  3. Select the required threshold (Confidence and Severity level).

Note - If the IoC is a file that matches the configured threshold, and it is detected on a machine with the Endpoint Security client installed, Endpoint Security quarantines the file.