Leverage The Power Of Autonomous Response

PLUS and PRO AgileBlue subscribers can leverage the power of AgileBlue's opt-in autonomous response capabilities to ensure threats are contained as soon as they are identified.

Overview

  • Autonomous Response can be enabled or disabled by PLUS or PRO subscribers directly from their Alert Playbook page at any time
  • Devices can be tagged into four categories depending on the level of autonomous response desired – manual response, task list only, isolation only, or full response – making the feature fully customizable
    • Depending on the level of response selected, the actions will kick off as soon as a related case is marked as Malicious in the AgileBlue portal
  • The available autonomous response actions include host isolation, disabling of local AD accounts, and blocking malicious IP addresses at the endpoint level

Response Tag Definitions

  • Response - Manual Response: Devices with this tag will not receive any autonomous response actions, but are still eligible for manual response by users or the AgileBlue SOC Analyst team
  • Response - Task List Only: This category will allow all Response Task List actions to occur on a device as soon as a related case is marked as malicious, but the device will not be isolated from the network
  • Response - Isolate Only: Devices with this tag will be isolated from the network as soon as a related case is marked as malicious, but the response task list actions will not execute
  • Response - Full Response: All response task list actions will execute and the device will be isolated from the network as soon as a related case is marked as malicious

Enabling Autonomous Response

  1. Log in to the AgileBlue SecOps Platform
  2. In the navigation bar, select Settings then Alert Playbook
  3. Under Sapphire Insights - Autonomous Response, toggle the option on the right-hand side to On
  4. Once completed, you will be able to view the four response categories listed above to see which devices are tagged for each section
    1. NOTE: When first enabling Autonomous Response, all devices will default to Manual Response

Enrolling Devices in Autonomous Response

  1. In your AgileBlue portal, access the Data Sources page
  2. Filter for your target devices based on device type, name, or existing tags
  3. Using the check-box columns on the left-hand side, select the devices to be enrolled in Autonomous Response
  4. Apply the desired tag from the options listed below:
    1. Response - Manual Response
    2. Response - Task List Only
    3. Response - Isolate Only
    4. Response - Full Response

Need Help?

AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

Email: support@agileblue.com 
Phone: (216) 606-9400