Overview

A response plan is a collection of remediation actions that are executed against endpoints. This article demonstrates the auditing capabilities surrounding response plans.

This article is part of a four-part series:

  • Respond to confirmed threats
  • Isolate an endpoint
  • Execute response plans
  • Audit response plans (this article)

Auditing Response Plans

You can review the results of past response plans by clicking Confirmed Threats > Remediation Plans.

The Remediation Plans page provides a chronological listing of all previously executed response plans. The following attributes are recorded with each response plan:

  • Associated Detection
  • Endpoint
  • Response Plan (which actions were taken)
  • Status
  • Created Time
  • Executed Time

You can click on the ellipsis (...) that appears under the "Response Plan" attribute to reveal a full listing of individual response actions that were taken.

 
