Manage Remediations

Remediating security alerts is at the heart of managing your company's security. Use the Threat Command > Remediations page to manage all remediation requests and all remediable alerts from a single pane.

The Remediations page shows remediation requests (in all statuses) and all remediable alerts (that are not closed). By default, the list is sorted by Last update date. You can change the sort order by clicking a column header.

Use the Remediations page quick links to:

  • View ROI information.
    • Overall success rate.
    • Duration (SLA) of remediated alerts, and cancelled or failed remediations.
  • Show only potential security issue alerts.
    • These are remediable alerts for which no remediation has been requested.
  • View the active remediation requests.
    • To see the status breakdown, hover over the information icon.
    • The number of active requests that are pending your (the client's) action is also shown.
  • See remediation license usage and request more licenses.

You can also use this page to:

  • Consult the Remediation team about the remediation process of an alert.
  • See the progress of remediation requests.
  • View details of all remediable alerts.
    • If the alert contains an IOC, hover over that IOC to see its properties in the popover that is displayed. This helps you gain 360-degree visibility of all relevant context, enabling timely triage and informed decisions.

Overall ROI statistics

Use the ROI statistics to get a quick idea of how successful your remediation efforts are.

  • Success rate - The number of successful remediation requests divided by the total number of remediation requests (in Success, Failed, or Cancelled states). This is shown only when there are a minimum of 5 requests.
  • Median SLA - The median duration from when a remediation request was first requested until it is closed. The duration of Waiting for Client state is not included. This is shown only when there are a minimum of 5 requests.
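The two statistics defined above, recomputed from request records as an added example (not product code). The record layout, the field names, and applying the 5-request minimum to closed requests are assumptions made for illustration; the sample data is constructed.

```python
from datetime import datetime, timedelta
from statistics import median

MIN_REQUESTS = 5  # both statistics are shown only with at least 5 requests
CLOSED_STATES = {"Success", "Failed", "Cancelled"}  # states counted in the total

def closed_requests(requests):
    return [r for r in requests if r["state"] in CLOSED_STATES]

def success_rate(requests):
    """Successful requests divided by all closed requests; None below the minimum."""
    closed = closed_requests(requests)
    if len(closed) < MIN_REQUESTS:
        return None
    return sum(r["state"] == "Success" for r in closed) / len(closed)

def handling_time(request):
    """Time from first request to close, minus time spent waiting for the client."""
    waiting = sum((end - start for start, end in request["waiting_for_client"]), timedelta())
    return request["closed"] - request["requested"] - waiting

def median_sla(requests):
    """Median handling time of closed requests; None below the minimum."""
    closed = closed_requests(requests)
    if len(closed) < MIN_REQUESTS:
        return None
    return median(handling_time(r) for r in closed)

def make_request(state, day, hours, waits=()):
    """Build one constructed record; waits are (start_hour, end_hour) offsets."""
    start = datetime(2024, 1, day, 9, 0)
    closed = None if hours is None else start + timedelta(hours=hours)
    return {"state": state, "requested": start, "closed": closed,
            "waiting_for_client": [(start + timedelta(hours=a), start + timedelta(hours=b))
                                   for a, b in waits]}

# Constructed sample data (hypothetical record layout, not a product export format).
SAMPLE = [
    make_request("Success", 1, 48),
    make_request("Success", 2, 72, waits=[(10, 34)]),            # 24 h waiting for client
    make_request("Failed", 3, 30),
    make_request("Cancelled", 4, 12),
    make_request("Success", 5, 100, waits=[(5, 15), (40, 60)]),  # 30 h waiting for client
    make_request("In progress", 6, None),                        # still open, not counted
]
```

With this sample, subtracting the client-wait intervals changes the median: the raw request-to-close durations have a median of 48 hours only because two requests drop from 72 and 100 hours to 48 and 70 hours.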

Filter for non-remediated alerts

You can quickly filter the view to see all the alerts that can be remediated for which no remediation has been requested.

This helps you to pinpoint the potential security breaches and to quickly act on them.

To see only non-remediated alerts:

  • From the Remediations page, click Non-Requested.

This is a fast way to filter; it is the same as using the Remediation Status = Not Requested filter.

Remediation statuses

These statuses can be applied to alerts. Each entry gives the status, followed by the state of the remediation:

  • Cancelation in progress - The cancellation is being worked on. You will be notified when the request is canceled.
  • Canceled - The remediation process has stopped. Credits are not returned.
  • Completed successfully - The requested remediation was completed. This risk has been removed.
  • Failed - For the reason of failure, see the Remediation panel.
  • In progress - The remediation is being worked on. Progress updates will be emailed.
  • Not requested - This alert poses a security risk to your company and no remediation has been requested. To request remediation, click Remediation or [icon] from the Alert actions panel.
  • Pending client - The remediation is waiting, pending action by the user. This could be uploading evidence, a trademark, etc. See the Remediation panel for direction on what needs to be done.
  • Pending vendor - The remediation is waiting for a response from the vendor.
  • Reopened - The original request is reinitiated. Additional credits are used for each reopen request. This status is not available for filtering.

See status of remediation licenses and request more

You can see how many remediation licenses were used and also request more. This information is the same as the Remediation limitation in the Settings > Subscription page.

Each remediation request uses one license. When you request more remediation licenses, a message will be sent to your Customer Support Manager who will then contact you.

To request more remediation licenses:

  • From the Remediations page, click Request More Remediations.

Consult the Remediation team

You can contact the Threat Command Remediation team to consult about remediated or non-remediated alerts. This is a direct way to communicate about the alert's remediation progress or to discuss whether to remediate a certain alert. (For non-remediation inquiries, use the Ask an Analyst function on the Alerts page.)

To consult the remediation team:

  1. From the Remediations page, select an alert.
  2. From the Actions panel, click [icon].
  3. In the Ask the Remediation team panel, type your question at the bottom.
  4. Click the send arrow.

The message you sent is displayed in the panel. Replies will be displayed there, too.

See remediation request progress

Open the Remediation panel Takedown tab to see remediation progress. The information displayed here is identical to the details shown in the Remediation panel of the Alerts page.

To see alert remediation progress:

  1. From the Remediations page, select an alert.
  2. From the Actions panel, click [icon].
    The progress is displayed in the Takedown tab.

View details of remediated alerts

Open the alert details to see a summary of the alert. You can also copy the alert ID.

The information displayed here is identical to the details shown in the Alerts page.

To view alert details:

  1. From the Remediations page, select an alert.
  2. From the Actions panel, click [icon].
    The alert details are displayed.
    In certain alerts, other fields may be displayed. For example, in mobile application alerts, when there is Sandbox information, that information is displayed as an attached PDF file, in the Attached documents section.