RocketCyber Automated Remediation Overview - Connect IT Community

/* * These styles apply ONLY to the header and footer assets. */ * { padding: 0; margin: 0; box-sizing: border-box; } .super-nav { display: flex; justify-content: flex-end; align-items: center; margin: 0 auto; max-width: 1264px; padding-left: 40px; padding-right: 40px; height: 40px; text-align: right; } .super-nav a { color: #34427c; margin-right: 20px; padding: 10px; text-decoration: none; } .super-nav a:hover, .super-nav a:focus { background-color: #f7f9fa; } .footer { background: #f5f5f6; color: #555a62; font-size: 14px; line-height: 1.5; padding: 0; } .footer-image { background-image: url("/themes/kaseya/assets/images/footerImage.png"); height: 500px; background-repeat: no-repeat; background-size: cover; margin-top: -100px; } .footer-wrap { padding-left: 18px; padding-right: 18px; max-width: 1236px; margin: 0 auto; } .footer-main-content { background-color: #000; padding: 100px 0; } .footer .footer-col-title { color: #ffffff; font-weight: 700; font-size: 13px; padding-bottom: 10px; text-transform: uppercase; } .footer .footer-link { color: #9b9ca0; text-decoration: none; } .footer .footer-link:hover, .footer .footer-link:focus, .footer .footer-link:active { text-decoration: underline; } .footer-main-content .footer-link { padding-top: 10px; } .footer-row { display: flex; flex-wrap: wrap; justify-content: space-between; align-items: center; margin: -3px; } .footer-main-content-row { align-items: flex-start; } .footer-bottom-content { padding: 10px; align-items: center; } .footer-col { padding: 0 3px; display: flex; flex-direction: column; } .footer-col-copyRight { justify-content: flex-start; color: #9b9ca0; flex: 1; display: flex; } .footer-last-col { flex-direction: row; } .footer-last-col .footer-link { padding-right: 10px; text-transform: uppercase; } @media screen and (max-width: 768px) { .super-nav { padding-right: 0; } .footer-image { height: 250px; } .footer-main-content { padding: 40px 0; } .footer .footer-col-title { padding-top: 10px; } .footer-row:not(.footer-main-content-row) { display: block; } .footer-col:not(.footer-main-content-col) { width: 100%; text-align: center; padding: 10px 0; } .footer-main-content-col { width: 50%; } .footer-last-col { flex-direction: column; } .footer-last-col .footer-link { padding-bottom: 10px; } } /*# sourceMappingURL=styles.css.map */ Ask the Community Groups

RocketCyber Automated Remediation Overview - Connect IT Community | Kaseya

This article will describe the current automated remediation actions available through the RocketCyber agent and how to deploy them.

The RocketCyber agent has the ability to perform the following remediation actions on Windows devices:

Remove files
Delete registry keys & values
Terminate processes
Uninstall software
Stop services
Delete scheduled tasks

We are continually advancing remediation capabilities and anticipate the list of available remediation types to expand over future releases.

How to run an automated remediation

Logon to the RocketCyber Console

Screen_Shot_2021-03-23_at_10.42.11_AM.png

From the Dashboard, click on Review in the Open Incidents notification banner or from the left hand navigation menu click on Incidents

Screen_Shot_2021-03-23_at_10.38.18_AM.png

From the Incidents list, choose an incident and click View Details

Screen_Shot_2021-03-23_at_10.45.05_AM.png

From the Incident Details view click Action / Remediate

Review the remediation details. In this example the requisite files detected from the PuTTY application will be deleted.

You can choose to select which actions are taken by clicking on the check box next to each remediation step.

Isolate All Devices - This option will isolate the device during the remediation process. The process of isolation will prevent the device from communicating on the network with any other destination except the RocketCyber cloud.

After reviewing and selecting the remediation steps click on Execute to perform the choose remediation actions.

Remediation Process

After the Execute button is pressed, the RocketCyber cloud sends a remediation message to the targeted device(s). The agent responds to acknowledge the request and begins executing the assigned remediation steps. Once the remediation has completed the agent will send a message back to the RocketCyber cloud to indicate the completion status of Complete or Failure.

Review Remediation Status

You can view the status of a remediation at anytime from the Incident View

Screen_Shot_2021-03-23_at_10.38.18_AM.png

From the Incident List click on Remediation Status for the desired incident.

Screen_Shot_2021-03-23_at_10.56.35_AM.png

The remediation status view will show the progress of remediation actions across any devices that were selected.

Once the remediation has completed successfully the status of the incident will change to resolved.

Screen_Shot_2021-03-23_at_10.58.54_AM.png