We are excited to announce that on December 11, 2023 we will launch a Respond tab that enables Response Actions in the new Case Management (Cases) User Experience (UX).
Response Actions will start with Okta for Identity (IAM) and are powered by Sophos Factory.
Integration Setup in Threat Activity Center (TAC)
Setting up the Okta integration in the marketplace is required to use response actions and to enable them in the Respond tab. The Okta integration uses the new Integration Credential Manager feature in Central Global Settings, which launches with Response Actions. All new response actions will use Credential Manager, and in the long term we will expand the use of Credential Manager across Central.
Add Configuration
Okta Response Actions can be set up by clicking the Add Configuration button. A wizard guides you through setting up the credential to use in XDR cases.
XDR Cases Respond Tab
Respond Tab Overview
- Suspend User
- Unsuspend User
- Reset Password
- Reset User Sessions
Response Action Run Dialog
When a response action is selected, the user can choose an integration that is already set up, or set up a new one from the TAC integrations page, then enter the applicable field (such as username) and the reason for running the response action, and click Run.
Once the response action has started, the run appears in the list on the Respond tab. A completed run shows its status and other data applicable to the run, e.g. inputs, outputs, etc.
Thank you for all the hard work put in to make Response Actions a reality, including SecOps Engineering, SecOps PM, and the Sophos Factory Engineering team!
Please share feedback and enhancement requests for Response Actions in the comments, or reach out to the SecOps PM team.