Responder provides security mitigation to block infected or malicious traffic, inform
you of possible threats, and place the host into remediation. Responder policies monitor
all traffic according to devices, and use filters to enact another layer of protection.
Filters include action sets with options to automatically redirect users and halt
trigger traffic flows.
This chapter defines how to create actions and policies that perform expanded Responder
actions beyond filter action sets. Triggered policies can make an entry in the event
log, send an email notification regarding the issue, send an SNMP trap, and add entries
to the Reputation Database. You can also create switch-level policies and integrate with
system management tools. The SMS provides manual actions for adding hosts to the Active
Responder queue.
The Responder workspace provides a centralized environment for managing
security response actions, policies, switches, and response history.
