Containment allows Wirespeed to isolate Endpoints and Users when they are associated with malicious detections. Automatic containment is disabled by default, and you should review case logs with test mode enabled before turning this setting on. During that review, confirm that your sample of cases was handled correctly and that any containments appear correct, and reach out to the Wirespeed team if you see any irregularities. When you are ready to enable automatic containment, modify the settings under Settings > Containment.

Manual containment is always available: when reviewing a case, select Actions > Contain.

Max Auto Containments Per Day

This setting configures the maximum number of auto containments that can be performed per day. Use it to cap auto containments and avoid excessive use of the feature. Once this limit is reached, auto containments stop for the remainder of the day and cases are escalated to your team instead.

If a case contains more than 10 users or endpoints, containment will be skipped and the case will be escalated to your team instead.