Security Operations Integration - Block Request capability

  • Release version: Xanadu
  • Updated August 1, 2024

The Block Action capability blocks observables associated with a security incident on a firewall, web proxy, or other control point using implementation flows. This capability is used during incident response investigations to contain an identified threat.

The Block Request capability has a flow, Security Operations Integration - Block Request Flow, that executes the request to block. This flow accepts a list of observables, finds any implementing capabilities, and executes the request based on the configured flow.

Note: If no implementations are available, capability actions are not displayed in product menus.