Alert Logic Intelligent Response simple responses allow you to automate three key incident response use cases. The below workflow describes how a response is generated and carried out, from incident detection and analysis to customer approval to issuing of a response.
Simple Response Workflow
This Simple Response workflow walks you through exactly where an enabled Simple Response is initiated and what steps are required for it to be issued to your network. The workflow begins at incident detection.
All Simple Response types are generated during incident detection and analysis. Based on the Simple Response types you have enabled, Alert Logic will automate a response when a trigger is detected – be it a malware detection for disabling a user, an external brute force for shunning an attacker, or an endpoint detection antivirus failure for isolating a host, for example.
Once a Simple Response incident type is triggered, Alert Logic will confirm whether there are any exclusions defined by you that may pertain to the automation. If any exclusions are found, the automation will not continue through this workflow and the Simple Response will not be issued.
If no exclusions apply, Alert Logic will confirm whether approvals are required for the Simple Response. If required, the automation will follow the Approvals workflow and notify identified users that an approval is requested. Approvers have six hours to approve or reject automation. If no approver sees or acts on the request within six hours, the request is automatically rejected.
If no approvals are required, the Simple Response automation will be issued. All Simple Response automation actions can be reviewed – and rolled back, if necessary – in the History page of the Alert Logic console, at (navigation menu) > Respond > Automated Response > History.
Additional Resources
For additional information on Intelligent Response, see these Alert Logic support resources:
- Intelligent Response for Managed Detection & Response
- Alert Logic Mobile Application
- Intelligent Response Simple Responses Automation Types
- Intelligent Response Simple Responses Customer Approval Workflow
- How do I log in to the Alert Logic mobile app?
- Intelligent Response Keyword Glossary
- Intelligent Response Frequently Asked Questions
- Get Started with Automated Response
- Get Started with Simple Responses
- Simple Response Configuration Guide
- Exclusions
Comments
0 comments
Please sign in to leave a comment.