Users can now request remediation for threats in their portals, by clicking the Request Remediation button at the top of a threat. This enables users to generate notifications for the Active Remediation (AR) team.
Users can request remediation for the following use cases:
An endpoint was not tagged correctly or was not tagged due to isolation concerns
The customer acknowledged a threat (AR stop) but then reconsidered and wants AR intervention
An endpoint was removed from the network and requires a method to notify the Active Remediation team when it is restored
An older threat (prior to tagging) that generates additional activity without a substantial update
A user discusses the threat with the Threat Response Engineering team and becomes comfortable with Active Remediation actions
Note: This is only available to users who have Active Remediation subscriptions. The button is visible to all users but will be greyed out for non-AR users.