RocketCyber Automated Remediation Overview - Connect IT Community | Kaseya
<main> <article class="userContent">
<p>This article describes the automated remediation actions currently available through the RocketCyber agent and how to deploy them.</p>
<p>The RocketCyber agent can perform the following remediation actions on Windows devices:</p>
<ul><li>Remove files</li> <li>Delete registry keys &amp; values</li> <li>Terminate processes</li> <li>Uninstall software</li> <li>Stop services</li> <li>Delete scheduled tasks</li> </ul>
<p>We are continually advancing remediation capabilities and anticipate that the list of available remediation types will expand over future releases.</p>
<h2 data-id="how-to-run-an-automated-remediation">How to run an automated remediation</h2>
<p>Log on to the RocketCyber Console.</p>
<p><img src="https://us.v-cdn.net/6032361/uploads/migrated/3RJTB4GHEGEY/screen-shot-2021-03-23-at-10-42-11-am.png" alt="Screen_Shot_2021-03-23_at_10.42.11_AM.png" class="embedImage-img importedEmbed-img"></img></p>
<p>From the Dashboard, click <strong>Review</strong> in the <strong>Open Incidents</strong> notification banner, or click <strong>Incidents</strong> in the left-hand navigation menu.</p>
<p><img src="https://us.v-cdn.net/6032361/uploads/migrated/1FHFYILDL1K7/screen-shot-2021-03-23-at-10-38-18-am.png" alt="Screen_Shot_2021-03-23_at_10.38.18_AM.png" class="embedImage-img importedEmbed-img"></img></p>
<p>From the Incidents list, choose an incident and click <strong>View Details</strong>.</p>
<p><img src="https://us.v-cdn.net/6032361/uploads/migrated/T078WPT89UWU/screen-shot-2021-03-23-at-10-45-05-am.png" alt="Screen_Shot_2021-03-23_at_10.45.05_AM.png" class="embedImage-img importedEmbed-img"></img></p>
<p>From the Incident Details view, click <strong>Action / Remediate</strong>.</p>
<p><strong><img src="https://us.v-cdn.net/6032361/uploads/migrated/X0OCGZCGVGAB/screen-shot-2021-03-23-at-10-46-35-am.png" alt="Screen_Shot_2021-03-23_at_10.46.35_AM.png" class="embedImage-img importedEmbed-img"></img></strong></p>
<p><strong><img src="https://us.v-cdn.net/6032361/uploads/migrated/OTGBCFFCMGGR/screen-shot-2021-03-23-at-10-47-38-am.png" alt="Screen_Shot_2021-03-23_at_10.47.38_AM.png" class="embedImage-img importedEmbed-img"></img></strong></p>
<p>Review the remediation details. In this example, the requisite files detected from the PuTTY application will be deleted.</p>
<p>You can select which actions are taken by clicking the check box next to each remediation step.</p>
<p><strong>Isolate All Devices</strong> - This option isolates the device during the remediation process. Isolation prevents the device from communicating on the network with any destination except the RocketCyber cloud.</p>
<p>After reviewing and selecting the remediation steps, click <strong>Execute</strong> to perform the chosen remediation actions.</p>
<h2 data-id="remediation-process">Remediation Process</h2>
<p>After the <strong>Execute</strong> button is pressed, the RocketCyber cloud sends a remediation message to the targeted device(s). The agent responds to acknowledge the request and begins executing the assigned remediation steps. Once the remediation has completed, the agent sends a message back to the RocketCyber cloud indicating a completion status of Complete or Failure.</p>
<h2 data-id="review-remediation-status">Review Remediation Status</h2>
<p>You can view the status of a remediation at any time from the Incident View.</p>
<p><img src="https://us.v-cdn.net/6032361/uploads/migrated/1FHFYILDL1K7/screen-shot-2021-03-23-at-10-38-18-am.png" alt="Screen_Shot_2021-03-23_at_10.38.18_AM.png" class="embedImage-img importedEmbed-img"></img></p>
<p>From the Incident List, click <strong>Remediation Status</strong> for the desired incident.</p>
<p><img src="https://us.v-cdn.net/6032361/uploads/migrated/AOAEPCUGUKQC/screen-shot-2021-03-23-at-10-56-35-am.png" alt="Screen_Shot_2021-03-23_at_10.56.35_AM.png" class="embedImage-img importedEmbed-img"></img></p>
<p>The remediation status view shows the progress of remediation actions across any devices that were selected.</p>
<p>Once the remediation has completed successfully, the status of the incident will change to resolved.</p>
<p><img src="https://us.v-cdn.net/6032361/uploads/migrated/SG4TXCP6V5ZF/screen-shot-2021-03-23-at-10-58-54-am.png" alt="Screen_Shot_2021-03-23_at_10.58.54_AM.png" class="embedImage-img importedEmbed-img"></img></p>
</article> </main>