Automated Threat Response (ATR) integrates with security solutions such as FireEye, Fortinet, and Palo Alto Networks to correlate security alerts. Incoming information is normalized into a consistent Security Event format and provide additional information about the source hosts.
ATR isolates restricts, or blocks compromised endpoints and reduces threat containment time by:
- Automating actions on an event based on policies
- Providing information in security alerts
- Prioritizing security events
- Tracing a threat across IT domains and automating an action to minimize the threat containment time
If you have not purchased the ATR license you will not be able to access the ATR features.