Taking Action on an Incident

Introduction

This article explains how to take response actions within a case.

Response

To take action within a case, or to automate actions through an action rule, a response integration must first be established.

To block an IP address with a firewall within a case, we can follow the steps below:

While the case is open, the Logsign magic button is displayed in the bottom right corner of the page. Clicking the button lists the products that have an integrated response. Clicking the product we want to take action on shows the methods it offers.

Fortinet FortiGate supports methods such as blocking an IP address, unblocking it, and listing the current object groups through its API.

In this scenario, we choose the Block IP method because we want to block the IP address at the firewall.

Each product has a different API format, so the information required may differ from product to product. For the Fortinet product, we are expected to define the IP address to be blocked, the address group in which it will be registered for blocking, and the duration of the block.
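A block submitted against the wrong address can cut off internal systems, so it is worth checking the three fields before pressing Submit. The following is an added example, not Logsign or Fortinet code: the protected networks, the one-week ceiling, the duration unit (minutes), and the names BlockRequest and validate_block_request are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy (assumption): ranges that must never be blocked.
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]
MAX_DURATION_MINUTES = 7 * 24 * 60  # hypothetical ceiling: one week


@dataclass
class BlockRequest:
    ip: str                # IP address to be blocked
    group: str             # address group the IP is registered in
    duration_minutes: int  # duration of the block (unit assumed: minutes)


def validate_block_request(req):
    """Return a list of problems; an empty list means the request can be submitted."""
    try:
        addr = ipaddress.ip_address(req.ip.strip())
    except ValueError:
        return [f"not a valid IP address: {req.ip!r}"]
    problems = []
    # Blocking these would break local or infrastructure traffic, never an attacker.
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_link_local:
        problems.append(f"{addr} is a special-purpose address")
    for net in PROTECTED_NETWORKS:
        if addr.version == net.version and addr in net:
            problems.append(f"{addr} is inside protected network {net}")
    if not req.group.strip():
        problems.append("address group is empty")
    if not 0 < req.duration_minutes <= MAX_DURATION_MINUTES:
        problems.append(f"duration must be 1..{MAX_DURATION_MINUTES} minutes")
    return problems


if __name__ == "__main__":
    # Constructed sample requests; the group name is a placeholder.
    for sample in (BlockRequest("203.0.113.45", "blocked-addresses", 60),
                   BlockRequest("10.1.2.3", "blocked-addresses", 60),
                   BlockRequest("127.0.0.1", "", 0)):
        print(sample.ip, "->", validate_block_request(sample) or "OK to submit")
```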

Clicking the Submit button performs the block, and we can examine the output of the operation on the case screen.

We can verify the result from the Response panel: the blocked IP address is listed in the Responses - Block List section.

You can unblock a currently blocked IP address with the Delete button.

In a different scenario, we can disable a user through an LDAP integration configured with an authorized user.
