Goal
Ensure containment actions can still execute even if the EDR API is temporarily down.
Scope
- Implement fallback logic to isolate hosts using native OS commands (e.g., Windows Firewall rules via WinRM, iptables via SSH).
- Trigger only if the primary EDR action fails or times out.
OpSec Mandate
Proxy must require explicit customer configuration of fallback credentials. Credentials must be stored in memory only.
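
A sketch of the fallback decision described above, as an added example rather than the project's own code: the native path runs only when the primary EDR call fails or times out, and only when fallback credentials were explicitly supplied. `EDRActionError`, `FallbackCredentials`, `contain_host` and the injected `edr_isolate` / `native_isolate` callables are hypothetical names assumed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


class EDRActionError(Exception):
    """Hypothetical error the primary EDR client raises when isolation fails."""


class FallbackNotConfigured(RuntimeError):
    """Primary failed and no fallback credentials were explicitly configured."""


@dataclass(frozen=True)
class FallbackCredentials:
    # Lives in process memory only: never serialized, logged or written to disk.
    username: str
    secret: str = field(repr=False)  # keeps the secret out of repr() and logs


@dataclass
class ContainmentResult:
    host: str
    method: str                       # "edr" or "native"
    primary_error: Optional[str] = None


def contain_host(
    host: str,
    edr_isolate: Callable[[str], None],
    native_isolate: Callable[[str, FallbackCredentials], None],
    creds: Optional[FallbackCredentials] = None,
) -> ContainmentResult:
    """Isolate via EDR; use the native path only when EDR fails or times out."""
    try:
        edr_isolate(host)
        return ContainmentResult(host, "edr")
    except (EDRActionError, TimeoutError) as exc:
        primary_error = f"{type(exc).__name__}: {exc}"
    if creds is None:
        # No implicit or default credentials: the customer must opt in.
        raise FallbackNotConfigured(f"{host}: EDR failed ({primary_error})")
    # native_isolate would push a firewall rule over WinRM or iptables over SSH.
    native_isolate(host, creds)
    return ContainmentResult(host, "native", primary_error)
```

Recording `primary_error` on the result keeps an audit trail of why the native path was taken.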