Endiguement
ID: RS0003
Empêcher une menace d’atteindre ses objectifs et / ou de se propager dans un environnement.
Actions de réponse
ID | Nom | Description |
---|---|---|
RA3001 | Corriger la vulnérabilité | Patch a vulnerability in an asset |
RA3101 | Bloquer l’adresse IP externe | Block an external IP address from being accessed by corporate assets |
RA3102 | Bloquer l’adresse IP interne | Block an internal IP address from being accessed by corporate assets |
RA3103 | Bloquer le domaine externe | Block an external domain name from being accessed by corporate assets |
RA3104 | Bloquer le domaine interne | Block an internal domain name from being accessed by corporate assets |
RA3105 | Bloquer l’url externe | Block an external URL from being accessed by corporate assets |
RA3106 | Bloquer l’url interne | Block an internal URL from being accessed by corporate assets |
RA3107 | Bloquer le port de communication externe | Block a network port for external communications |
RA3108 | Bloquer le port de communication interne | Block a network port for internal communications |
RA3109 | Bloquer la communication externe de l’utilisateur | Block a user for external communications |
RA3110 | Bloquer la communication interne de l’utilisateur | Block a user for internal communications |
RA3111 | Bloquer le transfert de données par contenu | Block data transferring by its content pattern (i.e. specific string, keyword, binary pattern etc) |
RA3201 | Bloquer le domaine de l’e-mail | Block a domain name on an Email server |
RA3202 | Bloquer l’expéditeur de l’e-mail | Block an email sender on the Email-server |
RA3203 | Mettre l’e-mail en quarantaine | Quarantine an email message |
RA3301 | Mettre en quarantaine un fichier en fonction du format | Quarantine a file by its format |
RA3302 | Mise en quarantaine d’un fichier en fonction du hash | Quarantine a file by its hash |
RA3303 | Mise en quarantaine d’un fichier en fonction du chemin | Quarantine a file by its path |
RA3304 | Mise en quarantaine du fichier en fonction du contenu | Quarantine a file by its content pattern |
RA3401 | Bloquer le processus par un chemin exécutable | Block a process execution by its executable path (including its name) |
RA3402 | Bloquer le processus par des métadonnées exécutables | Block a process execution by its executable metadata (i.e. signature, permissions, MAC times) |
RA3403 | Bloquer l’execution de processus par le hash | Block a process execution by its executable hash |
RA3404 | Bloquer l’execution de processus par le format | Block a process execution by its executable format |
RA3405 | Bloquer l’execution de processus par le contenu | Block a process execution by its executable content pattern (i.e. specific string, keyword, binary pattern etc) |
RA3501 | Désactiver le service système | Disable a system service |
RA3601 | Verrouiller le compte utilisateur | Lock an user account |