Manage Remediations
Remediating security alerts is at the heart of managing your company's security. Use the Threat Command > Remediations page to manage all remediation requests and all remediable alerts from a single pane.
The Remediations page shows remediation requests (from all statuses) and all remediable alerts (that are not closed). By default, the list is sorted by Last update date. You can change the sort order by clicking a column header.
Use the Remediations page quick links to:
- View ROI information.
  - Overall success rate.
  - Duration (SLA) of remediated alerts, and cancelled or failed remediations.
- Show only potential security issue alerts.
  - These are remediable alerts for which no remediation has been requested.
- View the active remediation requests.
  - To see the status breakdown, hover over the information icon.
  - The number of active requests that are pending your (the client) action is shown, too.
- See remediation license usage and request more licenses.
You can also use this page to:
- Consult the Remediation team about the remediation process of an alert.
- See the progress of remediation requests.
- View details of all remediable alerts.
  - If the alert contains an IOC, when you hover over that IOC, you can see its properties in the popover that is displayed. This helps you gain 360-degree visibility of all relevant context, enabling timely triage and informed decisions.
Overall ROI statistics
Use the ROI statistics to get a quick idea of how successful your remediation efforts are.
- Success rate - The number of successful remediation requests divided by the total number of remediation requests (in Success, Failed, or Cancelled states). This is shown only when there are a minimum of 5 requests.
- Median SLA - The median duration from when a remediation request was first requested until it is closed. The duration of Waiting for Client state is not included. This is shown only when there are a minimum of 5 requests.
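To check the two statistics against your own records, the definitions above can be applied as follows. This is an added example, not Threat Command code: the record fields (`state`, `requested`, `closed`, `waiting_for_client`) and the sample data are constructed, and it assumes the minimum of 5 is counted over requests in the Success, Failed, or Cancelled states.

```python
from datetime import datetime, timedelta
from statistics import median

# States counted in both statistics, per the definitions above.
TERMINAL = {"Success", "Failed", "Cancelled"}
MIN_REQUESTS = 5  # statistics are shown only with at least 5 requests


def _closed(requests):
    """Keep only requests that reached a counted end state."""
    return [r for r in requests if r["state"] in TERMINAL]


def success_rate(requests):
    """Successful requests / all Success, Failed, Cancelled requests."""
    closed = _closed(requests)
    if len(closed) < MIN_REQUESTS:
        return None  # too few requests: statistic not shown
    return sum(r["state"] == "Success" for r in closed) / len(closed)


def median_sla_hours(requests):
    """Median hours from request to close, minus Waiting for Client time."""
    closed = _closed(requests)
    if len(closed) < MIN_REQUESTS:
        return None
    return median(
        (r["closed"] - r["requested"] - r["waiting_for_client"]).total_seconds() / 3600
        for r in closed
    )


def _req(state, total_h, waiting_h):
    """Build one constructed record (hypothetical field names)."""
    start = datetime(2024, 1, 1)
    closed = start + timedelta(hours=total_h) if state in TERMINAL else None
    return {"state": state, "requested": start, "closed": closed,
            "waiting_for_client": timedelta(hours=waiting_h)}


# Constructed sample: five closed requests and one still in progress.
SAMPLE = [
    _req("Success", 48, 0), _req("Success", 96, 24), _req("Success", 24, 0),
    _req("Failed", 120, 60), _req("Cancelled", 36, 0), _req("In progress", 0, 0),
]
```

The in-progress request is ignored by both statistics, and the Failed request counts as 60 hours rather than 120 because its 60 hours of client waiting time are excluded.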
Filter for non-remediated alerts
You can quickly filter the view to see all the alerts that can be remediated for which no remediation has been requested.
This helps you to pinpoint the potential security breaches and to quickly act on them.
To see only non-remediated alerts:
- From the Remediations page, click Non-Requested.
This is a fast way to filter, which is the same as using the Remediation Status = Not Requested filter.
Remediation statuses
These statuses can be applied to alerts:
Status | State of the remediation |
---|---|
Cancelation in progress | The cancellation is being worked on. You will be notified when the request is canceled. |
Canceled | The remediation process has stopped. Credits are not returned. |
Completed successfully | The requested remediation was completed. This risk has been removed. |
Failed | For the reason of failure, see the Remediation panel. |
In progress | The remediation is being worked on. Progress updates will be emailed. |
Not requested | This alert poses a security risk to your company and no remediation has been requested. To request remediation, click Remediation or from the Alert actions panel. |
Pending client | The remediation is waiting, pending action by the user. This could be uploading evidence, a trademark, etc. See the Remediation panel for direction on what needs to be done. |
Pending vendor | The remediation is waiting for a response from the vendor. |
Reopened | The original request is reinitiated. Additional credits are used for each reopen request. This status is not available for filtering. |
See status of remediation licenses and request more
You can see how many remediation licenses were used and also request more. This information is the same as the Remediation limitation in the Settings > Subscription page.
Each remediation request uses one license. When you request more remediation licenses, a message will be sent to your Customer Support Manager who will then contact you.
To request more remediation licenses:
- From the Remediations page, click Request More Remediations.
Consult the Remediation team
You can contact the Threat Command Remediation team to consult about remediated or non-remediated alerts. This is a direct way to communicate about the alert's remediation progress or to discuss whether to remediate a certain alert. (For non-remediation inquiries, use the Ask an Analyst function on the Alerts page.)
To consult the remediation team:
- From the Remediations page, select an alert.
- From the Actions panel, click .
- In the Ask the Remediation team panel, type your question at the bottom.
- Click the send arrow.
The message you sent is displayed in the panel. Replies will be displayed there, too.
See remediation request progress
Open the Remediation panel Takedown tab to see remediation progress. The information displayed here is identical to the details shown in the Remediation panel of the Alerts page.
To see alert remediation progress:
- From the Remediations page, select an alert.
- From the Actions panel, click .
The progress is displayed in the Takedown tab.
View details of remediated alerts
Open the alert details to see a summary of alert details. You can also copy the alert ID.
The information displayed here is identical to the details shown in the Alerts page.
To view alert details:
- From the Remediations page, select an alert.
- From the Actions panel, click .
The alert details are displayed.
In certain alerts, other fields may be displayed. For example, in mobile application alerts, when there is Sandbox information, that information is displayed as an attached PDF file, in the Attached documents section.