ORCA.242 - Important protection alerts responsible for AIR activities are enabled.
Overview
Automated Incident Response (AIR) is triggered by certain alerts that fire in the environment. AIR is responsible for detecting further anomalies and providing automated remediation actions designed to mitigate threats and attacks. It is important that these alerts are enabled so that AIR can function correctly.
Remediation action
Enable important protection alerts that are responsible for AIR activities.
Related Links
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.242 |
| Severity | High |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA242 |
| Tags | EXO, ORCA, ORCA.242 |
Source
- Pester test: tests/orca/Test-ORCA242.Tests.ps1
- PowerShell source: powershell/public/orca/Test-ORCA242.ps1