Skip to main content Link Menu Expand (external link) Document Search Copy Copied
TechWorkshop L300 Understanding XDR

Task 07: Contain the attack

  1. In the leftmost pane, select Investigation & response > Incidents & alerts > Incidents.

  2. Select the incident LAB - Password spray involving multiple users.

  3. In the rightmost pane, move through the Incident Details, then select Alex Wilber from the user list.

    MonitorInvestigate-36.png

  4. At the top of the flyout, select Revoke all users’ sessions.

    MonitorInvestigate-37.png

  5. Select Revoke all users’ sessions

    MonitorInvestigate-38.png

  6. In the leftmost pane, select Investigation & response > Actions & submissions > Action center.

  7. At the top, select the History tab to confirm remediation steps.

    MonitorInvestigate-39.png

    MonitorInvestigate-40.png

    MonitorInvestigate-41.png