Modules
Sign in
Get Help
  1. Kaseya
  2. RocketCyber
  3. Incident Tickets

RocketCyber Remediation Actions Overview

 

This article will describe the current  remediation actions available through the RocketCyber agent and how to deploy them.

 

The RocketCyber agent has the ability to perform the following remediation actions on Windows devices:

  • Remove files
  • Delete registry keys & values
  • Terminate processes
  • Uninstall software
  • Stop services
  • Delete scheduled tasks

Currently, the apps that can offer Remediation Actions are:

  • Advanced Breach Detection

  • Suspicious Tools

  • Defender Monitor

  • Malicious File Detection 

How to run a remediation

Logon to the RocketCyber Console

Screen_Shot_2021-03-23_at_10.42.11_AM.png

From the Dashboard, click on Review in the Open Incidents notification banner or from the left hand navigation menu click on Incidents

 

mceclip0.png

 

From the Incidents list, choose an incident and click View Details

 

Screen_Shot_2021-03-23_at_10.45.05_AM.png

 

From the Incident Details view click Action / Remediate

 

Screen_Shot_2021-03-23_at_10.46.35_AM.png

 

Screen_Shot_2021-03-23_at_10.47.38_AM.png

Review the remediation details. In this example the requisite files detected from the PuTTY application will be deleted.

You can choose to select which actions are taken by clicking on the check box next to each remediation step.

Isolate All Devices - This option will isolate the device during the remediation process. The process of isolation will prevent the device from communicating on the network with any other destination except the RocketCyber cloud.

After reviewing and selecting the remediation steps click on Execute to perform the choose remediation actions.

 

Remediation Process

After the Execute button is pressed, the RocketCyber cloud sends a remediation message to the targeted device(s). The agent responds to acknowledge the request and begins executing the assigned remediation steps. Once the remediation has completed the agent will send a message back to the RocketCyber cloud to indicate the completion status of Complete or Failure.

Review Remediation Status

You can view the status of a remediation at anytime from the Incident View

 

mceclip1.png

 

From the Incident List click on Remediation Status for the desired incident.

 

Screen_Shot_2021-03-23_at_10.56.35_AM.png

 

The remediation status view will show the progress of remediation actions across any devices that were selected. 

Once the remediation has completed successfully the status of the incident will change to resolved.

 

Screen_Shot_2021-03-23_at_10.58.54_AM.png

 

 

 

 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section