Block IP and Block Domain automation actions.
Ideally, your endpoints all reach the internet through centrally administered firewalls or proxies, whether on the corporate network or over VPN from elsewhere. Those tools are the natural control plane for endpoint network traffic, and modern firewalls block connections to known-bad destinations automatically or by configuration. However, you can’t always count on your endpoints to route through that primary security infrastructure: a laptop on home or hotel Wi-Fi with no VPN session up never sees the firewall, and none of its blocks apply.
Red Canary’s Ban IP and Ban Domain playbook actions use the Defender for Endpoint Network Protection feature to block traffic to and from domains and IP addresses that you mark as indicators of compromise (IOCs). Because the block is enforced by the Defender agent on the device rather than by a network appliance, it follows the endpoint wherever it connects. The enforcement depends on two settings: Network Protection must be enabled in block mode on the device (in audit mode the indicator only generates alerts), and the “Custom network indicators” advanced feature must be turned on in the Defender portal.
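As an added example (not Red Canary’s or Microsoft’s code) of what such an action does under the hood, the following PowerShell script first checks that the local device is in a state where an IP or domain indicator will actually be enforced, then submits a Block indicator through the Defender for Endpoint indicators API. It assumes you already hold an OAuth2 access token for the API with the Ti.ReadWrite permission (passed in as $Token; acquiring it is out of scope here) and that the custom network indicators feature is enabled in the portal.

```powershell
# Added example, not part of the original page. Verifies Network Protection state locally
# and submits a Block indicator to the Defender for Endpoint indicators API.
# Assumptions: $Token is a valid bearer token with Ti.ReadWrite; the "Custom network
# indicators" advanced feature is already enabled in the Defender portal.
param(
    [Parameter(Mandatory)] [string] $Token,
    [Parameter(Mandatory)] [string] $IndicatorValue,          # e.g. 203.0.113.10 or badsite.example (constructed samples)
    [ValidateSet('IpAddress', 'DomainName')] [string] $IndicatorType = 'IpAddress',
    [string] $Title = 'Blocked by IR playbook'
)

# 1. Local check: EnableNetworkProtection is 0 = Disabled, 1 = Enabled (block), 2 = Audit.
#    Only block mode actually drops the connection; audit mode logs it and moves on.
$np = (Get-MpPreference).EnableNetworkProtection
switch ($np) {
    1 { Write-Host 'Network Protection: Enabled (block mode)' }
    2 { Write-Warning 'Network Protection is in Audit mode; indicators will alert but not block' }
    default { Write-Warning 'Network Protection is disabled; enable it with: Set-MpPreference -EnableNetworkProtection Enabled' }
}

# 2. Build the indicator. action 'Block' prevents the connection; 'Alert' only raises an alert.
#    An expiration keeps stale IOCs from accumulating in the tenant.
$body = @{
    indicatorValue = $IndicatorValue
    indicatorType  = $IndicatorType
    action         = 'Block'
    title          = $Title
    description    = 'IOC identified during investigation'
    severity       = 'High'
    expirationTime = (Get-Date).AddDays(30).ToUniversalTime().ToString('o')
} | ConvertTo-Json

# 3. Submit it. The indicator applies to every onboarded device with Network Protection
#    enabled, regardless of which network that device is currently on.
$resp = Invoke-RestMethod -Method Post `
    -Uri 'https://api.securitycenter.microsoft.com/api/indicators' `
    -Headers @{ Authorization = "Bearer $Token"; 'Content-Type' = 'application/json' } `
    -Body $body

$resp | Select-Object id, indicatorValue, indicatorType, action, expirationTime
```

Run it as `.\Block-Indicator.ps1 -Token $token -IndicatorValue 203.0.113.10` or with `-IndicatorType DomainName` for a domain. The local Get-MpPreference check is worth keeping in any automation of this kind: an indicator that posts successfully but lands on devices in audit mode looks like a block in the console while the traffic keeps flowing.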
Learn how to use these new actions here.