Endpoint Proactive Response Example Playbook

managedxdr

Host Isolation and Restoration Playbook Configuration ⫘

1. Configure a Taegis Agent - Isolate playbook for the Isolate action using the trigger parameters shown below. For more information about adding a new playbook, see Create a New Playbook.

• Enter MXDR_ISOLATE in the Playbook Details Name field.
• Select User Initiated for the Trigger Type.
• Select Response Action for the Category.
• Select Asset for the Context.
• Enter MXDR_ISOLATE in the Trigger Source Name field.
• Under When does this playbook run?, select Only When and then enter inputs.asset.endpointType == 'ENDPOINT_TAEGIS' in the Trigger Filter field.

Playbook for isolating endpoints with the Taegis Agent installed

2. Configure a Taegis Agent - Restore playbook for the Restore action using the trigger parameters shown below. For more information about adding a new playbook, see Create a New Playbook.

• Enter MXDR_RESTORE in the Playbook Details Name field.
• Select User Initiated for the Trigger Type.
• Select Response Action for the Category.
• Select Asset for the Context.
• Enter MXDR_RESTORE in the Trigger Source Name field.
• Under When does this playbook run?, select Only When and then enter inputs.asset.endpointType == 'ENDPOINT_TAEGIS' in the Trigger Filter field.

Playbook for restoring endpoints with the Taegis Agent installed

3. Now that you have created the Isolate and Restore playbooks, they appear in the ACTIONS menu for Taegis Agent assets. For example, MXDR_ISOLATE and MXDR_RESTORE.

Response Actions for the Taegis Agent