Users have the ability to auto-remediate the Probable Ransomware Issues in Secure & Govern. Following are the steps listed to configure and enable auto-remediation rules for Probable Ransomware issues.
-
Navigate to Settings -> Analysis Rules.
-
Select the desired Issue Type as Probable Ransomware.
-
Click on Create an auto-remediation rule.
-
Enter Rule Name and Description. Select Next.
-
Select Match Criteria ANY or ALL.
When “ALL” is selected, all the rule conditions must be met for an issue to be auto-remediated. When “ANY” is selected, auto-remediation will occur when any of the rule conditions are met.
-
Enter Rule Condition
-
- For Probable Ransomware issue type, two conditions available to add are based on Detection Confidence and user type.
- Specify the criteria for first condition selected and click on Add Condition to specify the criteria for second condition.
- Specify the criteria for first condition selected and click on Add Condition to specify the criteria for second condition.
- For Probable Ransomware issue type, two conditions available to add are based on Detection Confidence and user type.
-
-
Enter Rule Action
- For Probable Ransomware issue type, there are three possible actions available as Deactivate user account, Dismiss issue(s), and Delegate to selected user. Add one or more actions to the Analysis rule
- For Probable Ransomware issue type, there are three possible actions available as Deactivate user account, Dismiss issue(s), and Delegate to selected user. Add one or more actions to the Analysis rule
- Select Next.
- Select whether or not to Apply this rule to previously detected issues that match the selected criteria and click Next.
- Review the Rule Configuration. Click on Create.
The Back button can be selected at any time to change the rule configuration prior to the rule being created.
-
The Auto-Remediation Rule is created.
Currently, only one auto-remediation rule can be created per issue type.