Prepare your Exclude Lists

With Active Response, you can exclude assets and users that are critical to your business from being quarantined when quarantine actions run. Your Customer Advisor (CA) has already shared an Excel spreadsheet with you in which to record your Exclude Lists. Your CA will add your initial list of assets and users to Active Response as global artifacts, which act as containers for the assets and users that should not be quarantined.

In this section, you’ll add entries to the Exclude Lists in your Excel spreadsheet.

Document your Exclude Lists

  • You must fill in two separate lists in the Excel spreadsheet: Exclude Assets and Exclude Users.
  • You must use lowercase letters for all entries.
  • You can add as many entries as you’d like to the Exclude Lists; however, the program will only reference the most recent 1,000 entries from each list.
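
The rules above can be checked before you send the spreadsheet to your CA. The following is an added example, not part of the product or of the original page: the function name `check_exclude_list` and the sample hostnames are hypothetical, and it assumes each list has been exported one entry per row with the oldest entry first, so that the last 1,000 rows are the "most recent".

```python
LIMIT = 1000  # from the page: only the most recent 1,000 entries per list are referenced


def check_exclude_list(entries, limit=LIMIT):
    """Validate one Exclude list (assets or users).

    Returns (normalized, findings): the cleaned lowercase entries in their
    original order, and a list of (row, problem, value) tuples.
    Assumption: rows are ordered oldest first.
    """
    findings = []
    cleaned = []
    for row, raw in enumerate(entries, start=1):
        value = raw.strip()
        if not value:
            findings.append((row, "empty", raw))
            continue
        if value != raw:
            findings.append((row, "whitespace", raw))
        if value != value.lower():
            findings.append((row, "not-lowercase", raw))
        cleaned.append((row, value.lower()))

    # Flag repeated entries; the first occurrence is kept.
    first_seen = {}
    unique = []
    for row, value in cleaned:
        if value in first_seen:
            findings.append((row, "duplicate-of-row-%d" % first_seen[value], value))
        else:
            first_seen[value] = row
            unique.append((row, value))

    # Anything older than the newest `limit` entries would not be referenced,
    # so a critical asset listed there would not be protected from quarantine.
    overflow = unique[: max(0, len(unique) - limit)]
    for row, value in overflow:
        findings.append((row, "beyond-limit", value))

    return [value for _, value in unique], findings


if __name__ == "__main__":
    # Constructed sample rows for an Exclude Assets list.
    sample = ["dc01.example.internal", "DC02.example.internal",
              " svc-backup", "dc01.example.internal", ""]
    normalized, findings = check_exclude_list(sample)
    print(normalized)
    for finding in findings:
        print(finding)
```

Run it once per list (Exclude Assets and Exclude Users), since the 1,000-entry limit applies to each list separately.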

Update your Exclude Lists

If you want to make updates to your Exclude Lists, contact your Customer Advisor.

End to End Test with MDR Team

Your Customer Advisor will help you test the end-to-end process during your next monthly meeting. During this test, you will need to provide your Customer Advisor with a few items:

  • The Exclude Assets global artifact list for assets you want to exclude from quarantine actions.
  • The Exclude Users global artifact list for users you want to exclude from quarantine actions.
  • A test asset and a test user for your Customer Advisor to perform containment actions on.

Testing scenarios

To prepare for testing your assets and users, refer to the "Test Assets/Users" tab in the "AR Testing and Exclusions" Excel sheet your CA provided. You will need to provide:

  • 1 or more Windows workstations onsite
  • 1 or more Windows workstations offsite
  • 1 or more Windows servers
  • 1 or more Linux servers/workstations, if applicable
  • 1 or more macOS workstations, if applicable

What to expect

During the test, your Customer Advisor will validate that the quarantine and unquarantine actions have successfully completed for each of the testing scenarios. In addition, they will validate that the users and assets in your global artifacts are excluded from the quarantine actions. They will also verify that you are receiving Slack notifications for quarantine and unquarantine actions.