#1
Compromised Endpoint Remediation
When a compromised endpoint is detected, D3 enriches the alert with threat intelligence to obtain a risk score. If the file is determined to be malicious, D3 can then query other endpoints via Sophos Intercept X to find any other instances of the file. Having identified the full extent of the compromise, the analyst can use D3 to orchestrate actions across the affected endpoints, such as removing the file, blocking the hash, killing processes, or quarantining the endpoint.
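The workflow above, enrich the file hash, scope the compromise across the fleet, then build a remediation plan, is easy to reason about as a small decision function. The following is an added example, not D3 or Sophos code: it does not call either product's API, and the threat-intelligence feed, the endpoint inventory, the hash values and the 50-point malicious threshold are all constructed for illustration.

```python
"""Model of a compromised-endpoint remediation playbook: enrich a detected
file hash with threat intelligence, find every endpoint holding the file,
then produce the ordered response actions an orchestrator would issue.
Added example with constructed data; no real SOAR/EDR API is called."""
from dataclasses import dataclass, field

# Constructed threat-intelligence feed: sha256 -> (engines detecting, engines total)
THREAT_INTEL = {
    "a" * 64: (52, 70),   # widely detected sample
    "b" * 64: (1, 70),    # single low-confidence hit
}

# Constructed endpoint inventory (what an EDR query would return):
# host -> list of (path, sha256)
INVENTORY = {
    "ws-101": [("C:\\Users\\alice\\Downloads\\invoice.exe", "a" * 64)],
    "ws-102": [("C:\\Windows\\System32\\notepad.exe", "c" * 64)],
    "ws-103": [("C:\\Temp\\update.exe", "a" * 64), ("C:\\Temp\\x.dll", "b" * 64)],
}

MALICIOUS_THRESHOLD = 50  # assumed cut-off: score >= 50 is treated as malicious


def risk_score(sha256: str, feed=THREAT_INTEL) -> int:
    """Enrichment step: 0-100 score from detection ratio.
    An unknown hash scores 0, which means 'no verdict', not 'clean'."""
    if sha256 not in feed:
        return 0
    hits, total = feed[sha256]
    return round(100 * hits / total)


def find_affected_endpoints(sha256: str, inventory=INVENTORY) -> dict:
    """Scoping step: every host that holds the file, with the paths found."""
    affected = {}
    for host, files in inventory.items():
        paths = [path for path, digest in files if digest == sha256]
        if paths:
            affected[host] = paths
    return affected


@dataclass
class RemediationPlan:
    sha256: str
    score: int
    actions: list = field(default_factory=list)  # ordered (action, *args) tuples


def build_plan(alert_host: str, sha256: str,
               inventory=INVENTORY, feed=THREAT_INTEL) -> RemediationPlan:
    """Orchestration step: decide what to do, and on which hosts."""
    score = risk_score(sha256, feed)
    plan = RemediationPlan(sha256, score)
    if score < MALICIOUS_THRESHOLD:
        # Below threshold: hand to an analyst rather than auto-remediating.
        plan.actions.append(("escalate_for_review", alert_host))
        return plan
    # Fleet-wide block first, so the file cannot spread while hosts are cleaned.
    plan.actions.append(("block_hash", sha256))
    for host, paths in sorted(find_affected_endpoints(sha256, inventory).items()):
        plan.actions.append(("kill_process", host, sha256))
        for path in paths:
            plan.actions.append(("remove_file", host, path))
        plan.actions.append(("quarantine_endpoint", host))
    return plan


if __name__ == "__main__":
    for step in build_plan("ws-101", "a" * 64).actions:
        print(step)
```

Two design points worth keeping when wiring this to a real platform: the hash block is issued once and before any per-host action, because it stops further copies landing while cleanup is in progress, and an unknown hash is deliberately routed to review rather than treated as benign, since an absent intelligence verdict says nothing about the file.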