+6Hey,
Let`s say we have a malicious case with multiple account entities , or even host entities.
and we also have a block for mitigation actions in EDR \\ AAD, but we want to block only one of each entities, not all.
Is there a way to perform this task automatically?
If not, is there a way to pop a window to the analysts to write or select the relevant entities?
generally, do you have any best practices for these kind of actions?
Best answer by ylandovskyy
Hey @ORBR ,
As of now, it's not natively supported, but I do have a workaround that will solve your use case.
This is how it's possible to solve the use case of creating a custom scope for blocks for remediation and ensure that the actions are only executed on a specific subset of entities. Let me know, if it makes sense.
+16Hey @ORBR ,
As of now, it's not natively supported, but I do have a workaround that will solve your use case.
This is how it's possible to solve the use case of creating a custom scope for blocks for remediation and ensure that the actions are only executed on a specific subset of entities. Let me know, if it makes sense.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
