Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.wirespeed.co/llms.txt

Use this file to discover all available pages before exploring further.

Containment allows Wirespeed to isolate Endpoints, Users, and Files when they are associated with malicious detections. Automatic containment is disabled by default and you should make sure to review case logs with test mode enabled before turning this setting on. During that review ensure your sampling of cases was handled correctly, any containments appeared correct, and reach out to the Wirespeed team if you see any irregularities. When you are ready to enable automatic containment, you can modify the settings underneath Settings > Containment. Containment is always enabled manually when reviewing a case and selecting Actions > Contain.
Auto-containment is not performed for detections from beta integrations. If a detection is generated by a beta integration, Wirespeed will skip automatic containment and escalate the case to your team instead. Manual containment is still available for these detections.

Max Auto Containments Per Day

This setting allows you to configure the maximum number of auto containments that can be performed per day. This is useful if you want to limit the number of auto containments that can be performed to avoid excessive use of the feature. Once this limit is reached, auto containments will be stopped for the remainder of the day and cases will be escalated to your team instead. If a case contains more than 10 users or endpoints, containment will be skipped and the case will be escalated to your team instead.