Merged
Changes from 4 commits
5 changes: 5 additions & 0 deletions solutions/security/endpoint-response-actions.md
Expand Up @@ -40,6 +40,11 @@ Launch the response console from any of the following places in {{elastic-sec}}:
* **Endpoints** page → **Actions** menu (**…**) → **Respond**
* Endpoint details flyout → **Take action** → **Respond**
* Alert details flyout → **Take action** → **Respond**

::::{note}
In {{serverless-short}}, you can also launch the response console from the event details flyout (event details flyout → **Take action** → **Respond**).
::::

* Host details page → **Respond**

To perform an action on the endpoint, enter a [response action command](/solutions/security/endpoint-response-actions.md#response-action-commands) in the input area at the bottom of the console, then press **Return**. Output from the action is displayed in the console.
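Review bot: The `::::{note}` block is inserted between the "Alert details flyout" bullet and the "Host details page → **Respond**" bullet, which splits one bulleted list into two and leaves the last launch location stranded below the note. Move the note so it follows the final bullet, or express the Serverless-only entry point as a fourth bullet ("Event details flyout → **Take action** → **Respond**") with the {{serverless-short}} qualifier inline, so all launch locations stay in a single list.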
Expand Up @@ -120,9 +120,9 @@ After the host is successfully isolated, an **Isolated** status is added to the

## Release a host [release-a-host]

::::{dropdown} Release a host from a detection alert
1. Open a detection alert:

::::{dropdown} Release a host from an event (Serverless only) or detection alert
1. Open an event (Serverless-short only) or a detection alert:
* From the event analyzer view: Click an event. (Serverless only)
* From the Alerts table or Timeline: Click **View details** (![View details icon](/solutions/images/security-view-details-icon.png "title =20x20")).
* From a case with an attached alert: Click **Show alert details** (**>**).

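Review bot: The Serverless qualifier is written three different ways in this hunk: "(Serverless only)" in the dropdown title, "(Serverless-short only)" in step 1, and a trailing "(Serverless only)" after "Click an event." The step 1 wording looks like the `{{serverless-short}}` substitution typed without its braces, so it will render literally as "Serverless-short". Use one form throughout, for example `({{serverless-short}} only)`, and put it in the same position in each bullet so readers on other deployment types can tell at a glance which path does not apply to them.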
Expand All @@ -132,7 +132,7 @@ After the host is successfully isolated, an **Isolated** status is added to the
::::


::::{dropdown} Release a host from an endpoint
::::{dropdown} Release a host from an event ({{serverless-short only}}) or detection alert
1. Find **Endpoints** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then either:

* Select the appropriate endpoint in the **Endpoint** column, and click **Take action → Release host** in the endpoint details flyout.
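Review bot: The title of the second dropdown changes from "Release a host from an endpoint" to "Release a host from an event ({{serverless-short only}}) or detection alert", but the steps under it still start from the **Endpoints** page, so the heading no longer matches its content and now duplicates the first dropdown. This looks like a copy-paste slip; the original title should be restored. The substitution is also malformed: `{{serverless-short only}}` has "only" inside the braces and will not resolve, where `{{serverless-short}} only` was presumably intended.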