Once a breach has been confirmed, you need to be able to take quick and appropriate action to prevent further spread and potential damage. The following response actions are available:
- Isolate machines or collect an investigation package
- Upload files for deep analysis
- Stop and quarantine files or block a file from your network
- Pivot into Office 365 to investigate, preventing further spread