As an automated response to an incident, you can isolate hosts for the companies you choose when F-Secure Elements Endpoint Detection and Response detects an incident that matches the criteria that you set.
Note: Response actions work only with F-Secure Elements EDR and EPP for Computers, F-Secure Elements EDR and EPP for Computers Premium, F-Secure Elements EDR and EPP for Servers Premium, and the F-Secure Elements EDR for Computers standalone installations.
To add the automated response rule for a company:
- Log in to the portal with your email address and password.
The Home view opens.
- Select the Automated response tab.
- Select Add rule.
- In the Company name field, select the company that you want to apply the rule to.
- In the Criteria drop-down menu, select risk levels of incidents when the hosts should be automatically isolated.
- By default, the automated response rule does not isolate hosts that have been labeled as critically important. To isolate those hosts as well when the rule would apply, select Include hosts with critical importance.
- Select Add to add the new rule to the automated response rules list.
The new rule is in effect as long as it is turned on.
When F-Secure Elements Endpoint Detection and Response detects an incident that matches the rule conditions, it isolates selected hosts automatically and sends a notification email to organization contacts that you have defined.