ORCA.242 - Important protection alerts responsible for AIR activities are enabled.
Overview
Automated Incident Response (AIR) triggers off certain alerts that fire in the environment. AIR is responsible for detecting further anomalies and providing automated remediation actions designed to mitigate threats/attacks. It is important that these alerts are enabled so that AIR can function correctly.
Remediation action
Enable important protection alerts that are responsible for AIR activities.
Related Links
Test Metadata
| Field | Value |
|---|---|
| Test ID | ORCA.242 |
| Severity | High |
| Suite | ORCA |
| Category | EXO |
| PowerShell test | Test-ORCA242 |
| Tags | EXO, ORCA, ORCA.242 |
Source
- Pester test:
tests/orca/Test-ORCA242.Tests.ps1 - PowerShell source:
powershell/public/orca/Test-ORCA242.ps1