Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Managing Attacks Pending Service Deactivation

 

To manage attacks waiting for service deactivation:

  1. In the Threat Mitigation Portal navigation pane, click Stop Pending.

    The Stop Pending page displays all attacks whose status is pending due to service deactivation.

    The Attack ID is linked to the Attack Details page, which displays more information about the attack record.

    The help button provides information about the possible actions that can be taken in response to an attack. For example, the Help could recommend blocking the attack, blocking the attacker, or slowing the attacker.

  2. To sort the attacks by a different category, select another category from the Sorted By drop-down list, and click Sort.

  3. To sort the attacks in a different order, select the order from the Ordered By drop-down list, and click Sort.

  4. In the Service Stop Pending Attacks table, you have these options.

    • Click Cancel in a row to remove the attack from the Stop Pending page and activate the service.

      If the attack is no longer in the same state as when you clicked Cancel, the action is terminated, and a message explains that the attack has been handled. Otherwise, the result depends on whether the service is activated.

      • If the service is activated, the attack is moved to the Actions Taken page.

      • If the service is waiting to be activated, the attack record is placed in a pending state and appears in the Start Pending page. The Last Failure Time column indicates the time when the service activation was triggered.

    • Click Force Cleanup in a row to delete the attack from the database.

      You are responsible for ensuring that the service is deactivated. The SRC TMP does not try to deactivate the service in this case.

    • Click Retry in a row to try to manually deactivate the service again.

      If the attack is no longer in the same state as when you clicked Retry, the action is terminated, and a message explains that the attack has been handled. Otherwise, the result depends on whether the service is deactivated.

      • If the service is deactivated, the attack is moved to the Action Required page.

      • If the service is waiting to be deactivated, the attack record stays in the same state and continues to appears in the Stop Pending page. The Last Failure Time column indicates the time when the service deactivation was triggered.

      The SRC TMP automatically tries to deactivate the service again according to the configuration properties (see Configuring Logging).

Related Documentation