The Threat Actions page enables you to filter threats by type and then take action on multiple threats simultaneously.
- From the navigation menu, click Threats, then click Bulk Actions.
- Select values for the following fields (all fields are required):
- With state - The state of the threat. The state of the threat is set by your detection engineers and threat hunters.
- And severity - Red Canary sets the severity.
- And classification - Red Canary sets the classification.
- Click Load matching threats. A list of the threats that match the criteria that you entered and which will be acted upon appears. If no threats appear, that means that there are no threats that match the criteria that you selected.
- Scroll down to the bottom of the window.
- Beneath Take Action, select the Action that you want to take on all of the listed threats.
- Enter a comment so that you or a teammate can easily understand what you chose to do should you need to audit past actions.
- Choose a Reason.
- Click Execute bulk action.
Note: To start over, re-select Bulk Actions from the navigation menu.
Please sign in to leave a comment.