Response actions for commands from Detection and Response solutions

When interacting with Detection and Response solutions, the Kaspersky Industrial CyberSecurity for Linux Nodes application can perform protective response actions. Response actions can be generated by the Detection and Response solution and executed automatically on devices running Kaspersky Industrial CyberSecurity for Linux Nodes. You can also configure and perform response actions manually.

Response actions settings vary depending on the Detection and Response solution that Kaspersky Industrial CyberSecurity for Linux Nodes is integrated with.

The Kaspersky Industrial CyberSecurity for Linux Nodes application can perform the following response actions on devices:

• Terminate process.
• Start process.
• Scan for indicators of compromise (IOC).
• Receive file from device.
• Quarantine file.
• Delete file from device.
• Isolate the device from the network.
• Conduct security audit.
• Restore files from Quarantine.
• Execution prevention for objects.

For more information about threat response actions when integrated with Kaspersky Industrial CyberSecurity Endpoint Detection and Response, see the Kaspersky Industrial CyberSecurity Endpoint Detection and Response Help.

For details about threat response actions on the Kaspersky Industrial CyberSecurity for Networks side, please refer to the Kaspersky Industrial CyberSecurity for Networks Help.

In this section Security Audit Terminate process Execution prevention for objects Start process Searching for indicators of compromise Receiving a file from a device Managing the Quarantine Network isolation Delete file from device

Page top