This article will describe the current remediation actions available through the RocketCyber agent and how to deploy them.
The RocketCyber agent has the ability to perform the following remediation actions on Windows devices:
- Remove files
- Delete registry keys & values
- Terminate processes
- Uninstall software
- Stop services
- Delete scheduled tasks
Currently, the apps that can offer Remediation Actions are:
Advanced Breach Detection
Malicious File Detection
How to run a remediation
1. Navigate to the Incidents page in the left sidebar
2. From the Incidents list, choose an incident and click View Details
3. From the Incident Details view click Remediate
4. Select which actions are taken by clicking on the check box next to each remediation step.
Isolate All Devices - This option will isolate the device during the remediation process. The process of isolation will prevent the device from communicating on the network with any other destination except the RocketCyber cloud.
After reviewing and selecting the remediation steps click on Execute to perform the choose remediation actions.
After the Execute button is pressed, the RocketCyber cloud sends a remediation message to the targeted device(s). The agent responds to acknowledge the request and begins executing the assigned remediation steps. Once the remediation has completed the agent will send a message back to the RocketCyber cloud to indicate the completion status of Complete or Failure.
Review Remediation Status
You can view the status of a remediation at anytime from the Incident View
From the Incident List click on Remediation Status for the desired incident.
The remediation status view will show the progress of remediation actions across any devices that were selected.
Once the remediation has completed successfully the status of the incident will change to resolved.