Blocking IP addresses through Kaspersky NGFW

You can prevent a potential threat distribution and malicious activities on your networked devices through Kaspersky NGFW by adding IP addresses to the blocklist.

You can also configure the response action to run automatically when creating or editing a playbook.

The response action is available if the Open Single Management Platform distribution kit includes the Kaspersky NGFW web plug-in.
To perform the response action through Kaspersky NGFW, you must have one of the following XDR roles: Main administrator, Tenant administrator, Junior analyst, Tier 1 analyst, Tier 2 analyst.

To perform the response action through Kaspersky NGFW:

1. Do one of the following:
   • In the main menu, go to Monitoring & reporting → Alerts. In the ID column, click the link with the alert ID you need.
   • In the main menu, go to Monitoring & reporting → Incidents. In the ID column, click the link with the incident ID you need.
2. In the window that opens, go to the Observables tab.
3. Select the IP address check box.
4. In the Select response action drop-down list, select the Add IP to blocklist on network devices response action.

The selected response action is completed. An appropriate message is displayed on the screen.

Page top