Support

Support for business applications

Kaspersky XDR Expert

Threat response

Response actions

Response actions

May 15, 2024

ID 249296

The response actions can be launched in one of the following ways:

Manually, as described in this section.
Within a playbook.
In this case, when creating or editing a playbook you can configure the response action to run automatically, or to request the user's manual approval before launching within the playbook. By default, manual approval of response actions is disabled.

In this section

Terminating processes

Moving devices to another administration group

Running a malware scan

Updating databases

Moving files to quarantine

Changing authorization status of devices

Viewing information about KASAP users and changing learning groups

Responding through Active Directory

Responding through KATA/KEDR

Responding through UserGate

Responding through Ideco NGFW

Responding through Redmine

Viewing response history from alert or incident details

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.

Thank you for your feedback! You're helping us improve.

Join us on Telegram

Release info, latest updates in the support lifecycle and new articles

QR code for opening Kaspersky Technical Support channel on Telegram