Containment
ID: RS0003
Prevent a threat from achieving its objectives and/or spreading around an environment.
Response Actions
| ID | Name | Description |
|---|---|---|
| RA3001 | Patch vulnerability | Patch a vulnerability in an asset |
| RA3101 | Block external IP address | Block an external IP address from being accessed by corporate assets |
| RA3102 | Block internal IP address | Block an internal IP address from being accessed by corporate assets |
| RA3103 | Block external domain | Block an external domain name from being accessed by corporate assets |
| RA3104 | Block internal domain | Block an internal domain name from being accessed by corporate assets |
| RA3105 | Block external URL | Block an external URL from being accessed by corporate assets |
| RA3106 | Block internal URL | Block an internal URL from being accessed by corporate assets |
| RA3107 | Block port external communication | Block a network port for external communications |
| RA3108 | Block port internal communication | Block a network port for internal communications |
| RA3109 | Block user external communication | Block a user for external communications |
| RA3110 | Block user internal communication | Block a user for internal communications |
| RA3111 | Block data transferring by content pattern | Block data transferring by its content pattern (i.e. specific string, keyword, binary pattern etc) |
| RA3201 | Block domain on email | Block a domain name on an Email server |
| RA3202 | Block sender on email | Block an email sender on the Email-server |
| RA3203 | Quarantine email message | Quarantine an email message |
| RA3301 | Quarantine file by format | Quarantine a file by its format |
| RA3302 | Quarantine file by hash | Quarantine a file by its hash |
| RA3303 | Quarantine file by path | Quarantine a file by its path |
| RA3304 | Quarantine file by content pattern | Quarantine a file by its content pattern |
| RA3401 | Block process by executable path | Block a process execution by its executable path (including its name) |
| RA3402 | Block process by executable metadata | Block a process execution by its executable metadata (i.e. signature, permissions, MAC times) |
| RA3403 | Block process by executable hash | Block a process execution by its executable hash |
| RA3404 | Block process by executable format | Block a process execution by its executable format |
| RA3405 | Block process by executable content pattern | Block a process execution by its executable content pattern (i.e. specific string, keyword, binary pattern etc) |
| RA3501 | Disable system service | Disable a system service |
| RA3601 | Lock user account | Lock an user account |