In the ContraForce Portal, users can respond to incidents with a single click. There are 8 different available actions, and this article explains how they can help simplify incident response for ContraForce users.
In the ContraForce Portal, 8 different Playbooks are available to be used for One-Click Response. Below is a list of the playbooks along with a description of how they function.
- Lockout User
  - This playbook disables a user’s account and prevents them from signing in.
- Reset User Password
  - This playbook prevents a user from generating new sign-ins without first resetting their password during their next sign-in attempt.
- Invalidate Existing Sessions
  - This playbook ends a user’s signed-in sessions, preventing the authorization of additional actions associated with those sessions.
- Isolate Endpoint
  - This playbook disables an endpoint's external networking capabilities.
- Scan Endpoint
  - This playbook triggers an anti-virus scan on an endpoint.
- Acknowledge Response
  - This playbook updates an incident, adding a comment containing a timestamp and the username of the user who executed the playbook.
- Quarantine File
  - This playbook stops a file from being used by other programs and deletes it.
- Block IP
  - This playbook updates a firewall’s rules to block network traffic from a specific IP address.
These Playbooks give ContraForce users the ability to take immediate action on affected entities straight from their ContraForce Portal. This results in a more streamlined response process, as responders do not need to log in to multiple dashboards to respond to an incident. This gives valuable time back and makes cybersecurity easy and accessible.
Furthermore, specific Playbooks can be combined to create Gamebooks. Gamebooks are collections of playbooks selected by the user to further automate the incident response process. More information about Gamebooks can be found here.