mirror of
https://github.com/valitydev/atomic-threat-coverage.git
synced 2024-11-06 17:45:23 +00:00
13 lines
534 B
YAML
title: RA_0037_containment_block_ip_on_ips
stage: containment
author: Daniil Yugoslavskiy
creation_date: 31.01.2019
description: >
  Block IP on IPS.
linked_analytics:
  - MS_ips
workflow: |
  Block IP on IPS using native filtering functionality.
  Warning:
  - If not all corporate hosts access the internet through the IPS, this Response Action cannot guarantee containment of the threat.
  - Be careful when blocking an IP address. Make sure it's not a cloud provider or hoster. In that case you have to block by URL or something more specific.