Introduction
This article introduces response actions and outlines the factors considered when deciding the appropriate response action for a given threat.
After reading this article, you will understand:
- How response actions are triggered
- How response profiles control behavior
- What actions can be applied during a security event
What are Response Actions?
Response actions are automated security measures that are executed based on your configured response profiles.
Instead of manually responding to every threat, response actions allow Vision to detect, decide, and act automatically to protect your environment.
How do they work?
Response actions are not standalone actions you trigger manually.
They are:
- Defined in your response profile
- Triggered automatically when detection conditions are met
- Can be executed without user intervention (based on policy) for high-confidence detections.
Example:
- A threat is detected on an endpoint
- The assigned response profile evaluates the severity
- Field Effect MDR automatically isolates the device and blocks indicators
Response Profiles & Response Actions
Response profiles determine:
- Which actions are taken
- When they are triggered
- What level of severity is required
If you want to change how your environment responds to threats, you must update the response profile. See Response Policies: Overview to learn more.
Types of Response Actions
Containment
Limit the spread or impact of a threat.
- Device isolation
- Blocking IPs, domains, or files
When they occur:
Triggered when a threat is confirmed or meets policy conditions
Remediation
When they occur:
- Automatically triggered for high-confidence or active threats
Remove or stop malicious activity.
- Terminate processes
- Remove malicious artifacts
When they occur:
Triggered when a threat is confirmed or meets policy conditions
Monitoring
Support investigation and validation.
- Logging activity
- Alert generation
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article