ResponseFunction parameters
Parameter ID | Description |
| Response action name. |
| The parameter allows you to describe the parameters of a response action you want to launch. You can specify the parameter as a jq expression or as an object. Parameters of the response actions are described in the table below. |
| The parameter allows you to use a jq expression or string array to specify a list of assets for which you want to launch a response action. The |
Response action parameters
Response action name | Parameters |
| Update databases response action. Possible parameters: |
| Run malware scan response action. Possible parameters:
To launch this response action, you need to specify the |
| Move to group response action. Possible parameters: |
| Move to quarantine response action. Possible parameters: |
| Terminate process response action. Possible parameters: |
| Change authorization status response action. Possible parameter: |
| Enable network isolation response action. Possible parameters: |
| Disable network isolation response action. To launch this response action, you need to specify the |
| Run executable file response action. Possible parameters: |
| Add prevention rule response action. Possible parameters:
To launch this response action, you need to specify the |
| Delete prevention rule response action. Possible parameters:
To launch this response action, you need to specify the |
| Delete all prevention rules. To launch this response action, you need to specify the |
| Assign KASAP group response action. Possible parameters: |
| Add user to security group response action. Possible parameters: |
| Delete user from security group response action. Possible parameters: |
| Lock account response action. To launch this response action, you need to specify the |
| Reset password response action. To launch this response action, you need to specify the |
| Execution of custom scripts. Possible parameters: |
| Data enrichment. Possible parameters: |