Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Archive > 2017October27 - Deletes > Using the Disable Networking Active Response

Using the Disable Networking Active Response

Created by Caroline Juszczak, last modified by Kevin.Swinson on Oct 27, 2017

Views: 22 Votes: 0 Revisions: 5

Use the Disable Networking Active Response to disable networking on a LEM agent at the Windows Device Manager level. Use this active response for isolating network infections and attacks. You can automate the active response in a LEM rule or manually execute the response from the Respond menu in the LEM console.

Use caution with this active response, since it responds to the LEM agent at the Device Manager level. To avoid disabling networking unintentionally, consider placing new rules with this action in Test mode until you are sure your correlations are configured appropriately.

Configure the Windows Active Response connector on each LEM agent where you need a Disable Networking active response.

  1. Open your LEM Console and log in to your LEM Manager as an administrator.
  2. Click Manage > Nodes.
  3. Locate the LEM agent that requires a new connector.
  4. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/090/Button-Gear_18x15.png next to the agent and select Connectors.
  5. Enter Windows Active Response in the Refine Results search box.
  6. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/090/Button-Gear_18x15.png next to the connector and select New.
  7. Enter a custom alias name for the new connector, or accept the default.
  8. Click Save.
  9. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/090/Button-Gear_18x15.png next to the new connector and select Start.
  10. Click Close to exit the Connector Configuration window.

Re-enable networking on a computer affected by the active response

  1. Log in to the computer locally with administrative privileges.
  2. Open Device Manager in Control Panel > Administrative Tools > Computer Management.
  3. Expand the Network adapters group.
  4. Select the network adapter and click Action > Enable.

 

Last modified

Tags

Classifications

Public