Getting started

  1. Install the Threat Response module and deploy packages to endpoints. See Installing Threat Response.
  2. Upload threat data. You can deploy this data to endpoints. See Adding intel.
  3. Create configurations of Threat Response components to apply to specific groups of endpoints. See Creating configurations.
  4. Orchestrate configurations into a profile and assign the profile to one or more computer groups. See Creating profiles.
  5. Connect to an endpoint, review data, and drill down to specific events. See Connecting to live endpoints and exploring data.
  6. Examine other endpoints. See Searching across the enterprise.
  7. Retrieve data from endpoints that have been compromised. See Collecting data from endpoints.
  8. Quarantine any compromised endpoints. See Isolating compromised endpoints.

Last updated: 4/16/2019 3:13 PM | Feedback