October 18, 2024
Dynamic Remediation
A new Remediation settings tab has been added to the Provider and Organization Settings. This page allows you to authorize the RocketCyber SOC team to take action on your behalf beyond device isolation.
In addition to device isolation, you can now provide authorization to the SOC to take the following actions:
-
Device Actions
-
Remove files
-
Terminate Processes
-
Uninstall Software
-
-
Microsoft 365 Actions
-
Disable Accounts
-
Terminate Active Sessions
-
By default, these settings are not available at the organization level. To allow organizations to set custom remediation settings, enable the Allow organizations to configure remediation authorization toggle in the Provider Settings:
These remediation authorization settings replace the previous Remediation Authorization toggle. The status of the removed Remediation Authorization toggle has been transferred to the new Device Isolation Authorization to preserve your previous settings. This has been done at the provider and organization level.