SI-4(7) Automated Response To Suspicious Events

>Control Description

a. Notify [Assignment: organization-defined incident response personnel (identified by name and/or by role)] of detected suspicious events; and

b. Take the following actions upon detection: [Assignment: organization-defined least-disruptive actions to terminate suspicious events].

>Supplemental Guidance

Least-disruptive actions include initiating requests for human responses.