Prepare your Exclude Lists

With Active Response, you can exclude assets and users that are critical to your business from being quarantined when quarantine actions run.

Document your Exclude Lists

  • If you want to exclude assets or users, you must provide them to your Customer Advisor.
    • For excluded users, please provide the full DNs of the users
    • For excluded assets, please provide the hostname of the assets
  • You must use lowercase letters for all entries.
  • You can add as many entries as you’d like to the Exclude Lists; however, the program will only reference the most recent 1,000 entries from each list.
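
A pre-submission check for the rules above, as an added example that is not part of the product or the original page. It assumes Active Directory-style DNs that end in dc= components and a list ordered oldest first, so that the last 1,000 entries are the "most recent"; all function names and sample entries are hypothetical.

```python
import re

MAX_REFERENCED = 1000  # per the page: only the most recent 1,000 entries per list are referenced
# RFC 1123 style hostname label, lowercase only.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
# Split a DN on commas that are not backslash-escaped (e.g. "cn=doe\, jane").
_RDN_SPLIT = re.compile(r"(?<!\\),")
_RDN = re.compile(r"^[a-z][a-z0-9-]*=.+$")

def is_hostname(entry):
    return len(entry) <= 253 and all(_LABEL.match(label) for label in entry.split("."))

def is_full_dn(entry):
    # Assumption: AD-style DN, several attr=value parts ending in a dc= component.
    rdns = [r.strip() for r in _RDN_SPLIT.split(entry)]
    return len(rdns) >= 2 and all(_RDN.match(r) for r in rdns) and rdns[-1].startswith("dc=")

def lint_exclude_list(entries, kind):
    """Return (clean, problems); kind is 'user' (full DN) or 'asset' (hostname).
    Assumption: entries are ordered oldest first."""
    check = is_full_dn if kind == "user" else is_hostname
    wrong = "not a full DN" if kind == "user" else "not a hostname"
    clean, problems, seen = [], [], set()
    for n, raw in enumerate(entries, 1):
        entry = raw.strip()
        if not entry:
            continue
        if entry != entry.lower():
            problems.append((n, raw, "not lowercase"))
            entry = entry.lower()  # normalize so the remaining checks still run
        if not check(entry):
            problems.append((n, raw, wrong))
        elif entry in seen:
            problems.append((n, raw, "duplicate"))
        else:
            seen.add(entry)
            clean.append(entry)
    # Everything older than the last 1,000 valid entries would be ignored.
    for entry in clean[:-MAX_REFERENCED]:
        problems.append((None, entry, "beyond the most recent 1,000"))
    return clean, problems

# Constructed sample entries, not taken from any real environment.
SAMPLE_USERS = ["cn=doe\\, jane,ou=staff,dc=corp,dc=example,dc=com",
                "CN=Svc-Backup,OU=Service,DC=corp,DC=example,DC=com", "jdoe"]
SAMPLE_ASSETS = ["ws-0142.corp.example.com", "DC01", "dc01", "srv_db"]

if __name__ == "__main__":
    for kind, sample in (("user", SAMPLE_USERS), ("asset", SAMPLE_ASSETS)):
        print(kind, lint_exclude_list(sample, kind))
```
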

Update your Exclude Lists

If you want to make updates to your Exclude Lists, contact your Customer Advisor.

End to End Test with MDR Team

Your Customer Advisor will help you test the end-to-end process during your next monthly meeting. During this test, you will need to provide your Customer Advisor with a few items:

  • 1 or more test users
  • 1 or more Windows workstation onsite
  • 1 or more Windows workstation offsite
  • 1 or more Windows server
  • 1 or more Linux server/workstation, if applicable
  • 1 or more macOS workstation, if applicable

What to expect

During the test, your Customer Advisor will validate that the quarantine and unquarantine actions have successfully completed for each of the testing scenarios. In addition, they will validate that the users and assets in your global artifacts are excluded from the quarantine actions. They will also verify that you are receiving Slack notifications for quarantine and unquarantine actions.