Response Actions
Isolate and remediate.
From Detection to Response
Detecting a threat is only half the job. Response is the action you take to stop and clean up an attack.
Fast response limits damage and prevents spread.
Host Isolation
Isolation (network containment) cuts an infected endpoint off from the network.
The machine can still talk to the EDR console for investigation, but it cannot spread malware or leak data.
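The containment described above, expressed as a packet-filter policy. This is an added example, not part of the original lesson or any EDR product's code. It assumes a Linux endpoint using nftables and a console reached over TCP at a fixed IPv4 address; `203.0.113.10`, port 443, the table name `edr_isolation` and the function names are all assumptions made for illustration.

```python
import ipaddress

CONSOLE_IP = "203.0.113.10"   # constructed documentation address (assumption)
CONSOLE_PORT = 443            # assumed console port

def _console(ip: str, port: int):
    addr = ipaddress.ip_address(ip)          # ValueError on malformed input
    if addr.version != 4 or not 0 < port < 65536:
        raise ValueError("expected an IPv4 console address and a valid port")
    return addr, port

def isolation_ruleset(ip: str = CONSOLE_IP, port: int = CONSOLE_PORT) -> str:
    """Render an nftables ruleset: default-drop, console traffic only."""
    addr, port = _console(ip, port)
    return f"""table inet edr_isolation {{
  chain output {{
    type filter hook output priority 0; policy drop;
    oif "lo" accept
    ip daddr {addr} tcp dport {port} accept
  }}
  chain input {{
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    # Replies from the console only; no blanket "established" accept,
    # so sessions opened before isolation do not survive it.
    ip saddr {addr} tcp sport {port} ct state established accept
  }}
}}
"""

def outbound_allowed(dst: str, dport: int, proto: str = "tcp",
                     ip: str = CONSOLE_IP, port: int = CONSOLE_PORT) -> bool:
    """Model of the output chain above for a single outbound flow."""
    addr, port = _console(ip, port)
    dest = ipaddress.ip_address(dst)
    if dest.is_loopback:                     # approximates the 'oif "lo"' rule
        return True
    return proto == "tcp" and dest == addr and dport == port

if __name__ == "__main__":
    print(isolation_ruleset())
    flows = [("203.0.113.10", 443, "tcp"),   # agent -> console (constructed)
             ("10.0.0.25", 445, "tcp"),      # lateral SMB (constructed)
             ("198.51.100.7", 53, "udp")]    # outbound DNS (constructed)
    for f in flows:
        print(f, "ALLOW" if outbound_allowed(*f) else "DROP")
```

Because DNS is dropped along with everything else, this policy only works when the agent reaches the console by IP address rather than by hostname.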