Isolate a system for suspicious activity — Carbon Black Defense
This article is regarding the way to isolate the machine from the organization’s network.
This was my personal experience in the company. I have been reached out by a person who identified the suspicious activity.
The suspected person has sent a broadcast email to his clients with no body and no content in the email. For some reason, the email has been failed and notified to the whistle-blower of my company.