1 Reply Latest reply on Jul 8, 2014 4:45 AM by pierce

    Automation

    mprenaud

      All,

       

      Is there anyone out there running automation for their threats and intervention actions for those threats?  Here is what I am looking to do.  For instance, if a system is infected by critical malware (handled or not handled), to somehow push a firewall policy to that system based on a tagged rule.  How would that be automated?

      Thanks and feel free to give other ideas.

        • 1. Re: Automation
          pierce

          Set up an automatic response to malware detection and tag the system with something like 'LockDownFirewall'. Then have a policy assignment task to only apply your new policy to systems with the tags.

          Had a similar thing set up: see malware, tag system, tag kicks off a full scan.

          Once you get it all ironed out it should prove to be very useful in lots of situations!