Goal
Run endpoint response actions (collection/containment) from CoPilot and verify outcomes.
When to use
- During active incident response
- For repeatable evidence collection workflows
Prereqs
- Response/action capability is configured and tested
Procedure (high level)
- Select the action
- Target the correct endpoint
- Execute and monitor completion
- Review results and document in a case
Validation
- Action completed successfully
- Evidence/results captured and accessible
