A recently published guide is meant to make sense of response automation. The most basic type of response automation involves remediating a specific threat in response to an alert on an endpoint. When a threat is detected, the automated investigation uncovers the root cause of the threat: how the threat came to be in the environment. The ultimate level involves moving beyond remediation actions to include fully automated investigatory steps that determine whether a detected threat is actually part of a larger attack and, if so, uncover related attack components.
Source: https://thehackernews.com/2020/12/download-essential-guide-to-response.html

