Ensure critical actions are verified before execution by configuring manual approval settings.
Critical response actions like Isolate
Endpoint may have significant impact on the targets. Make sure these
actions are verified and approved by specified users before execution.
Procedure
- Go to and click the Settings tab.
- Enable Approval settings and click Edit
settings.
Note
If you see View settings, you lack the necessary permissions to edit the settings. - Choose a response action from the Response action
drop-down list.
Note
For the Start Remote Shell Session action, select a remote shell approval duration from the drop-down list.Once approved, remote shell access will remain valid for the duration you specify. - Click the edit (
) icon under
Recipients to select recipients to approve the
action.- Select individual accounts or all accounts from the list of available
accounts.Only accounts that have approval permissions are listed.The accounts move to the Selected Recipients tab.
- Click Save to save the selected accounts as a group of recipients.
- Select individual accounts or all accounts from the list of available
accounts.
- To copy the group of recipients to a new approval setting, click the copy
(
) icon and choose a new response
action. - To add a new approval setting, click Add Action.
Important
Pending actions expire after 7 days and cannot be performed.The approval settings you configure in the Response Management app do not affect those configured in the Managed Services or Security Playbooks app. - Choose whether to activate the setting after saving the setting configuration.
- Click Save to save and return to Response Management settings.The response action will be executed upon approval.