Use the Kill Process SOAR action to kill the running process of selected alerts on an endpoint.
- This action can be run from an alert or a device.
- Perform this action from the related list of Running Processes table from the Alert record page.
- Upon the successful killing of the process, the state in the Running Processes table for that process updates to
KILLED
and that process no longer displays in the Running Processes related list in the Alerts table. - Because this action is executed from the Running Processes related list from the Alert record page, a Worknote is created in the Security Incident for
Kill Process
.