Respond to Critical Incidents
Respond to incidents right from your dashboard. UTMStack supports several incident response actions such as Isolate Host, Kill processes, Logoff and block users or IPs, and much more.
Simple and powerful
You see an alert and confirm that a server has been compromised. You or the SOC team decide to isolate the host from the network and lock down the computer for forensic analysis. Time is key, and this should be accomplished ASAP, before the cryptoware spreads through the network.
With UTMStack Incident Response, this can be accomplished in a matter of seconds. Just navigate to Incident Response and select “Lockdown server” from the commands list.
Extended Research and Analysis
Alerts often require additional research and analysis. Switching windows and tabs to log into a server, or opening an SSH console to explore or change configurations, can be time-consuming.
UTMStack Incident Response capabilities have been extended to provide an interactive, console-like interface. Control any host from your UTM Dashboard and make those changes in seconds.