Capabilities
A capability is a single, named AgentSOAR response action with a fixed target kind, a set of inputs, and a defined revert behavior. This page covers all six: what each does, which providers support it, what it needs, and whether you can undo it.
Summary
| Capability | Target | Providers | Key inputs | Revertible |
|---|---|---|---|---|
| block_ip | Host (resource) | aws, gcp, azure | Resolved host, attacker IP, reason | Yes |
| isolate | Host (resource) | aws, gcp, azure | Resolved host, reason | Yes* |
| power | Host (resource) | aws, gcp, azure, hostinger | Resolved host, reason | Yes |
| block_sender | Mailbox (tenant) | google_workspace | Protected mailbox, sender address, reason | Yes |
| block_email_domain | Domain (tenant) | google_workspace, microsoft_365, agentsoc_mail_block | Protected mailbox/domain, sender domain, reason | Yes |
| disable_user | User (tenant) | google_workspace, microsoft_365 | Protected tenant, target user email, reason | Yes |
* AWS isolate is not revertible when the host was already isolated: the earlier isolation replaced the instance's security groups, so there are no originals left to capture.
Every action also carries a human-readable reason that appears in the execution log.
block_ip
Blocks an attacker IP at the network layer guarding a host. On AWS this adds deny rules to the network ACL protecting the target EC2 instance's subnet; GCP and Azure apply the equivalent firewall deny.
- Target kind: resource (a resolved host in inventory).
- Providers: aws, gcp, azure.
- Inputs: the resolved host, the attacker IP to block (not the protected host's own IP), and a reason.
- Revertible: yes. AgentSOAR captures the deny entries it created and removes them on revert.
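The AWS path above, as an added example that is not AgentSOAR's own code: it picks deny rule numbers that evaluate before the existing allow rules, refuses to block the protected host's own IP, and records exactly the entries it created so that revert removes only those. `FakeEC2` is a constructed stand-in for the boto3 EC2 client (same method names and response shapes for `describe_network_acls`, `create_network_acl_entry` and `delete_network_acl_entry`, so `boto3.client("ec2")` can be passed in its place); the ACL id, entries and IP addresses are sample values.

```python
"""Added example (not AgentSOAR's code): a block_ip-style NACL deny with revert.

Assumptions, labelled: FakeEC2 is a constructed stand-in that mirrors the
response shapes of boto3's EC2 client methods describe_network_acls,
create_network_acl_entry and delete_network_acl_entry so the logic runs
offline. The ACL id, entries and IPs below are constructed sample values.
"""
import ipaddress

DEFAULT_RULE = 32767  # the immutable trailing "*" deny entry on every NACL


class FakeEC2:
    """Constructed in-memory NACL store with boto3-shaped methods."""

    def __init__(self, acl_id, entries):
        self.acls = {acl_id: [dict(e) for e in entries]}

    def describe_network_acls(self, NetworkAclIds):
        return {"NetworkAcls": [{"NetworkAclId": i, "Entries": list(self.acls[i])}
                                for i in NetworkAclIds]}

    def create_network_acl_entry(self, NetworkAclId, RuleNumber, Protocol,
                                 RuleAction, Egress, CidrBlock):
        entries = self.acls[NetworkAclId]
        if any(e["RuleNumber"] == RuleNumber and e["Egress"] == Egress for e in entries):
            raise ValueError("NetworkAclEntryAlreadyExists")
        entries.append({"RuleNumber": RuleNumber, "Protocol": Protocol,
                        "RuleAction": RuleAction, "Egress": Egress, "CidrBlock": CidrBlock})

    def delete_network_acl_entry(self, NetworkAclId, RuleNumber, Egress):
        self.acls[NetworkAclId] = [e for e in self.acls[NetworkAclId]
                                   if not (e["RuleNumber"] == RuleNumber and e["Egress"] == Egress)]


def _deny_rule_number(entries, egress):
    """NACL rules are evaluated in ascending number order and the first match
    wins, so a deny only works if it sits below every existing rule for that
    direction. Return the number just under the current minimum."""
    used = {e["RuleNumber"] for e in entries
            if e["Egress"] == egress and e["RuleNumber"] != DEFAULT_RULE}
    candidate = min(used) - 1 if used else 100
    if candidate < 1:
        raise RuntimeError("no free rule number below existing rules; renumber the ACL")
    return candidate


def block_ip(ec2, acl_id, attacker_ip, host_ip, reason):
    """Deny attacker_ip in both directions on acl_id; return a record for revert."""
    attacker = ipaddress.ip_address(attacker_ip)
    if attacker == ipaddress.ip_address(host_ip):
        raise ValueError("refusing to block the protected host's own IP")
    if attacker.version != 4:
        raise ValueError("IPv6 needs Ipv6CidrBlock; this example handles IPv4 only")
    entries = ec2.describe_network_acls(NetworkAclIds=[acl_id])["NetworkAcls"][0]["Entries"]
    record = {"acl_id": acl_id, "reason": reason, "entries": []}
    for egress in (False, True):
        rule = _deny_rule_number(entries, egress)
        ec2.create_network_acl_entry(NetworkAclId=acl_id, RuleNumber=rule, Protocol="-1",
                                     RuleAction="deny", Egress=egress,
                                     CidrBlock=f"{attacker}/32")
        record["entries"].append({"RuleNumber": rule, "Egress": egress})
    return record


def revert_block_ip(ec2, record):
    """Remove exactly the entries block_ip created, nothing else on the ACL."""
    for e in record["entries"]:
        ec2.delete_network_acl_entry(NetworkAclId=record["acl_id"],
                                     RuleNumber=e["RuleNumber"], Egress=e["Egress"])


# Constructed sample ACL: one allow-all per direction plus the default deny.
SAMPLE_ACL = "acl-0example"
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": DEFAULT_RULE, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": DEFAULT_RULE, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": "0.0.0.0/0"},
]


def demo():
    """Block, then revert; returns (record, entry count after block, count after revert)."""
    ec2 = FakeEC2(SAMPLE_ACL, SAMPLE_ENTRIES)
    record = block_ip(ec2, SAMPLE_ACL, "203.0.113.7", "10.0.1.5", "SSH brute force from 203.0.113.7")
    after_block = len(ec2.acls[SAMPLE_ACL])
    revert_block_ip(ec2, record)
    return record, after_block, len(ec2.acls[SAMPLE_ACL])


if __name__ == "__main__":
    print(demo())
```

Two things to check when adapting this: a deny entry numbered above the allow rules is a no-op because the allow matches first, and the revert record (ACL id plus rule numbers and direction) has to be persisted alongside the execution log, since those numbers are the only handle for removing the entries later.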
isolate
Quarantines a host so it can neither send nor receive traffic. On AWS this replaces the instance's security groups with a deny-all quarantine security group; GCP and Azure apply the equivalent quarantine.
- Target kind: resource.
- Providers: aws, gcp, azure.
- Inputs: the resolved host and a reason.
- Revertible: yes, by restoring the host's original network configuration captured before isolation.
On AWS, if the host is already isolated when you run the action, the original security groups are no longer available to restore, so that run is not revertible. Keep the record from the first isolation and revert that one rather than re-running isolate on a host that is already quarantined.
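The already-isolated case, as an added example that is not AgentSOAR's own code: the first run captures the instance's security groups and swaps in the quarantine group; a second run sees only the quarantine group, has nothing to capture, and returns a record marked non-revertible instead of recording the quarantine group as if it were the original configuration. `FakeEC2` is a constructed stand-in mirroring boto3's `describe_instances` and `modify_instance_attribute` shapes; the quarantine group id, instance id and group ids are hypothetical sample values.

```python
"""Added example (not AgentSOAR's code): isolate an EC2 host by swapping its
security groups for a quarantine group, capturing the originals for revert, and
refusing to capture when the host is already quarantined.

Assumptions, labelled: FakeEC2 is a constructed stand-in mirroring boto3's
describe_instances / modify_instance_attribute shapes; QUARANTINE_SG and the
instance and group ids are hypothetical sample values.
"""
QUARANTINE_SG = "sg-0quarantine"  # hypothetical group with no inbound or outbound rules


class FakeEC2:
    """Constructed in-memory instance store with boto3-shaped methods."""

    def __init__(self, groups_by_instance):
        self.groups = {i: list(g) for i, g in groups_by_instance.items()}

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [
            {"InstanceId": i, "SecurityGroups": [{"GroupId": g} for g in self.groups[i]]}
            for i in InstanceIds]}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        if not Groups:
            raise ValueError("an instance must keep at least one security group")
        self.groups[InstanceId] = list(Groups)


def current_groups(ec2, instance_id):
    """Return the instance's security group ids in API order."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    return [g["GroupId"] for g in inst["SecurityGroups"]]


def isolate(ec2, instance_id, reason, quarantine_sg=QUARANTINE_SG):
    """Quarantine the host. The returned record is the only copy of the
    original groups, so persist it before treating the action as revertible."""
    before = current_groups(ec2, instance_id)
    if set(before) == {quarantine_sg}:
        # Already isolated: an earlier run overwrote the original groups, so
        # there is nothing to restore. Say so instead of capturing the
        # quarantine group as if it were the original configuration.
        return {"instance_id": instance_id, "reason": reason,
                "revertible": False, "original_groups": None}
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    return {"instance_id": instance_id, "reason": reason,
            "revertible": True, "original_groups": before}


def revert_isolate(ec2, record):
    """Restore the captured groups; refuse when the record has none."""
    if not record["revertible"]:
        raise RuntimeError(f"{record['instance_id']}: isolation record is not revertible")
    ec2.modify_instance_attribute(InstanceId=record["instance_id"],
                                  Groups=record["original_groups"])


def demo():
    """Isolate twice, then revert with the first record; returns both records
    and the group list after the revert."""
    ec2 = FakeEC2({"i-0example": ["sg-web", "sg-ssh"]})  # constructed sample host
    first = isolate(ec2, "i-0example", "C2 beacon observed")
    second = isolate(ec2, "i-0example", "re-run by a second analyst")
    revert_isolate(ec2, first)
    return first, second, current_groups(ec2, "i-0example")


if __name__ == "__main__":
    print(demo())
```

The check on `set(before) == {quarantine_sg}` is what turns the AWS caveat into behaviour: a second isolate on the same host returns `revertible: False` and leaves the instance untouched, and `revert_isolate` refuses that record rather than writing the quarantine group back as the "original" configuration.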
power
Powers a host off as a containment action—for example, stopping the target EC2 or Hostinger VPS instance.
- Target kind: resource.
- Providers: aws, gcp, azure, hostinger.
- Inputs: the resolved host and a reason. The action is containment-only: executing it always powers the host off.
- Revertible: yes. Reverting a power action brings the host back online; powering on is performed through revert rather than as a separate input.
block_sender
Blocks an exact sender address from reaching a protected mailbox. On Google Workspace this adds a Gmail filter in the protected user's mailbox that trashes messages from that sender.
- Target kind: tenant (routed by the protected mailbox).
- Providers: google_workspace.
- Inputs: the protected mailbox (`host_email`), the attacker's sender email address, and a reason.
- Revertible: yes, by deleting the filter AgentSOAR created.
block_email_domain
Blocks an entire sender domain from reaching protected mailboxes. Google Workspace adds a Gmail filter at the delegated admin mailbox; Microsoft 365 adds a sender entry to the Defender Tenant Allow/Block List; agentsoc_mail_block adds the domain to the AgentSOC-managed mail blocklist.
- Target kind: tenant (routed by the protected mailbox or domain).
- Providers: google_workspace, microsoft_365, agentsoc_mail_block.
- Inputs: the protected mailbox or domain (`host_email` or `host_domain`), the sender domain to block (derived from the sender email when not given), and a reason.
- Revertible: yes, by removing the filter or blocklist entry that was added.
disable_user
Suspends or disables an identity. Google Workspace suspends the user via the Admin SDK Directory API; Microsoft 365 sets the account to disabled via Microsoft Graph.
- Target kind: tenant (routed by any address from the owning tenant).
- Providers: google_workspace, microsoft_365.
- Inputs: the protected tenant (`host_email` or `host_domain`), the target user's email, and a reason.
- Revertible: yes. AgentSOAR records the user's prior state and restores it on revert.