Integrating ESM and ePO/DLP, there are two default actions in ePO: search by Source IP or Destination IP in ePO. Is there a way to add additionally provided or available actions, or do these need to be custom built, for example examining an incident in DLP from the event/alert in SIEM for additional context? Other interests in actions include email to user in event from SIEM, and block or evaluate from SIEM, i.e. false positive based upon event details/packet.