Automations

You can configure Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) to take prevention actions automatically when an incident is generated with a specified severity. Currently, the automatic response supports adding indicators to IoC Management.

For example, you can configure the automatic response so that all IoCs with severity High and above are added to IoC Management with the Enabled status.

Notes:

  • By default, Infinity XDR/XPR automatically adds all the indicators to IoC Management with the Disabled status.

  • For the tenants created from July 23, 2023 onwards, the Legacy IoC Management is disabled and only the New IoC Management is supported.

To configure an automatic response:

  1. Go to Policy > Automations.

  2. Enable the toggle button.

  3. Select the required threshold (Confidence and Severity level).

Note - If the IoC is a file that matches the configured threshold, and it is detected on a machine with the Harmony Endpoint Security client installed, Harmony Endpoint quarantines the file.