Containment
Execute short-term and long-term containment measures to prevent further spread of the threat across the environment. Isolate compromised hosts, disable affected accounts, apply network segmentation rules, and block known malicious indicators at perimeter and endpoint controls while preserving forensic evidence integrity.
Network Isolation of Compromised Systems
P1 | Network Isolation | 30 min
Credential and Account Lockdown
P1 | Account Lockdown | 45 min
Block Active Exfiltration Pathways
P1 | Block Exfiltration | 30 min
Halt Ransomware Propagation
P1 | Stop Ransomware Spread | 30 min
Revoke Cloud Sessions and Tokens
P1 | Revoke Cloud Sessions | 30 min
Covertly Restrict Insider Threat Actor Access
P1 | Insider Containment | 45 min
Phishing Containment: Block, Quarantine, Purge
P1 | Phishing Quarantine | 45 min