Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users can set a kill/suspend process response action with a detection rule configuration #4874

Closed
2 tasks done
caitlinbetz opened this issue Mar 6, 2024 · 0 comments
Closed
2 tasks done

Users can set a kill/suspend process response action with a detection rule configuration #4874

caitlinbetz opened this issue Mar 6, 2024 · 0 comments
Assignees
@joepeeples
Labels
Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Feature: Response actions also includes response console Feature: Rule Actions Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v8.13.0

Comments

@caitlinbetz
Copy link

caitlinbetz commented Mar 6, 2024
edited by joepeeples
Loading

Description

We are expanding the existing native response action functionality available with detection rule creation (see existing docs here) to include the kill and suspend process actions. This will allow users to create a rule that will automatically kill or suspend a suspicious or malicious process, automatically stopping the execution of malicious activities, eliminating the need for manual intervention, and speeding up overall time to respond.

Background & resources

Condensed docs issue template info

  • Which documentation set does this change impact? ESS and serverless
  • ESS release: 8.13
  • Serverless release: week of March 26, 2024
  • Feature differences: N/A
  • API docs impact: @tomsonpl

Prerequisites, privileges, feature flags

Docs Pull Requests
Preview Give feedback
@joepeeples joepeeples self-assigned this Mar 6, 2024
@joepeeples joepeeples added Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management Feature: Response actions also includes response console Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release v8.13.0 Feature: Rule Actions labels Mar 6, 2024
@joepeeples joepeeples changed the title Users can set a kill/suspend process response action with a detection rule configuration[Request] Users can set a kill/suspend process response action with a detection rule configuration Mar 6, 2024
@joepeeples joepeeples mentioned this issue Mar 8, 2024
Merged
@mergify mergify bot mentioned this issue Mar 18, 2024
Merged
@joepeeples joepeeples mentioned this issue Mar 18, 2024
Closed
@joepeeples joepeeples reopened this Mar 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joepeeples joepeeples

Labels
Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Feature: Response actions also includes response console Feature: Rule Actions Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v8.13.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@caitlinbetz @joepeeples