Incident Response

Click on the Incidents module and select the option Incident Response. 

 1. UTMStack displays the INCIDENT RESPONSE window, which shows a table of all incident responses created in the IT infrastructure.

The table columns are: 

  • HOSTNAME: The compromised hostname. 
  • COMMAND: The command applied to act against the incident.
  • STATUS: The current status of the incident response (EXECUTED, ERROR, PENDING).
  • APPLIED IN:  
  • APPLIED TO: 
  • CREATED: Date when the incident response was. 
  • CREATED BY: 
  • EXECUTION: Lets you see the incident response execution result by clicking View result.

2. Here you have the buttons View commands and Executed command.

If you click the View commands button, you will see all default commands made available by UTMStack.

By clicking Executed command, you can apply the Shutdown server command or execute a specific Incident Response command in Run_CMD on a specific agent (Host/IP). Click the Run command button.

3. The Filters section allows:

  • Searching for a host by typing its hostname.
  • Filtering incident responses by the command selected in the Action field.
  • Filtering incident responses by the status selected in the Status field.
  • Filtering incident responses by the creation date selected with the Calendar icon.