mprenaud
Level 7

Automation

All,

Is there anyone out there running automation for their threats and intervention actions for those threats? Here is what I am looking to do. For instance, if a system is infected by critical malware (handled or not handled), to somehow push a firewall policy to that system based on a tagged rule. How would that be automated?

Thanks and feel free to give other ideas.

0 Kudos
1 Reply
pierce
Level 13

Re: Automation

Set up an automatic response to malware detection and tag the system with something like 'LockDownFirewall'. Then have a policy assignment task to only apply your new policy to systems with the tags.

Had a similar thing set up with: see malware, tag system, tag kicks off a full scan.

Once you get it all ironed out it should prove to be very useful in lots of situations!

0 Kudos