TEAM: Huntress Managed Endpoint Detection and Response (EDR)
PRODUCT: Managed Defender
ENVIRONMENT: Windows
SUMMARY: Describe Endpoint Isolation Process
Endpoint Isolation Scenario
Endpoint isolation will take effect after a Huntress Security Operations Center (SOC) Analyst sends the incident report for the infected endpoint.
Scenario: Malicious ransomware is spreading through a partner network
What actions does Huntress take?
1. An Incident Report is automatically opened due to a tripped ransomware canary or some other malware event known to spread too fast across a network.
2. The report is immediately reviewed by a Huntress SOC Analyst to ensure it is not a false positive.
3. The report is sent ASAP and the endpoint is isolated on send.