RAI3303_0001: Perform quarantine file via SOLDR

Summary

ID	RAI3303_0001
Brief Description	This response action is intended to perform quarantine of choosen file
Author	Alex@Cyberok
Creation Date	2023/02/03
Modification Date	2023/03/30
Requirements	software
Tags	Quarantine Linux Windows Macos
Means of action	SOLDR cpe:2.3:a:soldr:soldr:*:*:*:*:*:*:*:*
Targets of action	Windows Host cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Linked Response Actions	Quarantine File By Path

Description

Quarantine module sends files to quarantine container directly from the SOLDR (XDR) interface.

Target system requirements

Installed SOLDR agent.

Requirements for means of action

Enabled "Quarantine" module.

Expected impact result

Suspucious file is isolated.

Implementations

Set up module

1) some info

Module usage example

2) more info