Taking Action on Devices with Suspicious Activity
ADRA NDR automatically takes action on devices with suspicious activity according to default and user-defined rules, and lists these devices in Security Operations > Risk Management. You can apply a different action on these devices according to your security needs.
- Open ADRA NDR.
- Go to Security Operations > Risk Management.
- Select one or more devices.
- Click Take Action.
  The Device Action window opens.
- Select an action to perform on the selected devices.

  | Action | Description |
  | --- | --- |
  | Place under Normal Scan | Removes the selected devices from the Risk Management list. The selected devices are regularly scanned as normal devices. |
  | Place under Temporary Release | Temporarily releases the selected devices from quarantine. The selected devices remain on the list as a reminder for later treatment. Tip: Perform this action when the selected devices need to stay operational due to ongoing needs. |
  | Place under Threat Watch | Scans all data packets transmitted through the selected devices for 15 minutes. If there are no suspicious activities during that period, the devices are placed back under Normal Scan. |
  | Quarantine | Quarantines the selected devices so they can no longer access other devices in the network. |

- Click Next.
- Review the selected devices.
- Leave a comment on the action.
  Note: ADRA NDR displays this comment under Details in the relevant log in Security Operations > Threat Analysis.
- Click Apply.
ADRA NDR applies the action on the selected devices.