Overview
Scenario
SecMaster provides this built-in playbook based on HSS to isolate and kill malware automatically.
How the Playbook Works
The HSS isolation and killing of malware playbook is matched with the HSS isolation and killing of malware workflow.
The HSS isolation and killing of malware workflow uses HSS to isolate and kill the malware reported in malware and ransomware alerts.
If you are using the HSS professional edition or above to protect assets but have not enabled automatic isolation and killing of malware, manual review is required. If you agree to isolate or kill the infected file, HSS alerts will be generated. The alert is cleared when the malware has been isolated and killed. If the malware is not isolated, a comment on manual handling details will be left.
Prerequisites
You have enabled HSS access logs on the Data Integration page under Settings in the current workspace. For details, see Data Integration.
Verification
- The malware has been killed and the alert is closed automatically.
Figure 3 Alerts automatically cleared
- If the malware is isolated and killed, a comment will be left indicating that the alert has been cleared.
Figure 4 Comment on succeeded isolation and killing of malware
- If the malware fails to be isolated or killed, a comment will be left indicating that manual handling is required.
Figure 5 Comment on failed isolation and killing of malware