Support

Support for business applications

Kaspersky XDR Expert

Threat response

Playbooks

Configuring manual approval of response actions

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Configuring manual approval of response actions

May 15, 2024

ID 249275

Get as PDF

Kaspersky Next XDR Expert allows you to configure manual approval of a response action launched within a custom playbook. By default, manual approval of the response action is disabled.

Before configuring manual approval, make sure that email notifications for tenants are configured and the email address of the approver is specified.

We recommend that you configure manual approval of the following response actions: moving devices to another administration group, moving files to quarantine, enabling and disabling network isolation, responding on accounts through Active Directory, and data enrichment.

To configure manual approval of a response action:

  1. In the main menu, go to Monitoring & reportingPlaybooks.
  2. Open the playbook for editing by doing one of the following:
    • Click the name of the playbook that you want to edit. In the Playbook details window that opens, click the Edit button.
    • Select the playbook from the list, and then click the Edit button.

      If you select more than one playbook, the Edit button will be disabled.

    The Edit playbook window opens.

  3. In the Algorithm section, specify one of the following parameters for the response action for which you want to enable the manual approval:
    • To enable the manual approval of a response action with the default approval time, specify the following parameter:

      "manualApprove": true

      By default, the approval time is 60 minutes.

    • To enable the manual approval of a response action with an adjustable approval time, specify the following parameter:

      "manualApprove": {"timeout": "period"}

      where "period" is an adjustable approval time.

      You can configure the approval time in hours (h) and/or minutes (m), for example:

      "manualApprove": {"timeout": "20h"}

      "manualApprove": {"timeout": "2h30m"}

    • To enable the manual approval of a response action with notifications sent to the email address of the approver, specify the following parameter:

      "emailNotifications": {

      "enabled":true

      }

    • To enable the manual approval of a response action with a notification that is sent to the email address of the approver after a certain period of time, specify the following parameter:

      "manualApprove": {

      "emailNotifications": {

      "enabled": true,

      "delay": "period"

      }

      where "period" is an adjustable sending time.

      You can configure the sending time in minutes (m), for example:

      "delay": "20m"

  4. Click the Save button.

Manual approval of a response action is configured. Email notifications with a request to approve the response action will be sent to the email specified in the user account properties.

You can view requests for approval of response actions in the Approval requests section.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.