| 主权项 |
1. A method comprising:
responsive to detecting network activity indicative of a threat, selecting, by a processor of a network security system, a threat mitigation scheme corresponding to a set of response actions; filtering, by the processor, the set of response actions based on a policy to generate a set of allowed response actions, wherein the policy includes a condition identifying an attribute of potential network activity and a prohibited response action, and wherein filtering the set of responses includes removing the prohibited response action from the set of response actions in response to the network activity having the attribute; and executing, by the processor, one or more response actions of the set of allowed response actions. |
