You can click the Request Remediation button at the top of a threat to ask the Red Canary Active Remediation (AR) team for a remediation. The Request Remediation button is greyed out if you don’t have an Active Remediation subscription.
Typically, you’ll request remediation in the following situations:
An endpoint was tagged incorrectly or wasn’t tagged due to isolation concerns
You previously acknowledged a threat (AR stop) but have reconsidered and now want AR intervention
You need to notify the AR team when a previously removed endpoint is restored to the network
You’ve discussed a threat with the Threat Response Engineering team and are comfortable with Active Remediation actions
Note
The Request Remediation button is disabled in the following circumstances:
Low Severity threats
Adversary Emulation threats