Hide this message
Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.
Use the Disable Networking Active Response to disable networking on a LEM agent at the Windows Device Manager level. Use this active response for isolating network infections and attacks. You can automate the active response in a LEM rule or manually execute the response from the Respond menu in the LEM console.
Use caution with this active response, since it responds to the LEM agent at the Device Manager level. To avoid disabling networking unintentionally, consider placing new rules with this action in Test mode until you are sure your correlations are configured appropriately.
Configure the Windows Active Response connector on each LEM agent where you need a Disable Networking active response.
Windows Active Responsein the Refine Results search box.