| title | responseAction resource type |
|---|---|
| description | Describes an action taken on impacted assets as set in the custom detection rule. |
| author | mmekler |
| ms.localizationpriority | medium |
| ms.subservice | security |
| doc_type | resourcePageType |
| ms.date | 03/06/2024 |
Namespace: microsoft.graph.security
[!INCLUDE beta-disclaimer]
Describes an action taken on impacted assets as set in a custom detection rule. For more information, see response actions
This type is abstract and has multiple response action types that are derived from it:
- Stop and quarantine file
- Disable user
- Force user password reset
- Mark user as compromised
- Collect investigation package
- Initiate investigation
- Isolate device
- Restrict app execution
- Run antivirus scan
- Allow file
- Block file
- Hard delete email
- Soft delete email
- Move to inbox
- Move to deleted items
- Move to junk
- Incident task
None.
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.responseAction"
}