- Install the Threat Response module and deploy packages to endpoints. See Installing Threat Response.
- Upload threat data. You can deploy this data to endpoints. See Adding intel.
- Create configurations of Threat Response components to apply to specific groups of endpoints. See Creating configurations.
- Orchestrate configurations into a profile and assign the profile to one or more computer groups. See Creating profiles.
- Connect to an endpoint, review data, and drill down to specific events. See Connecting to live endpoints and exploring data.
- Examine other endpoints. See Searching across the enterprise.
- Retrieve data from endpoints that have been compromised. See Collecting data from endpoints.
- Quarantine any compromised endpoints. See Isolating compromised endpoints.
Last updated: 4/16/2019 3:13 PM | Feedback