Mitigation CVS Report
The Mitigation Report gives you detailed information for each mitigation action taken on a threat.
- The time the each remediation step occurred
- What exactly was done and to which files or processes
- The status of each remediation step
The below example is a mitigation report for a successful Rollback action - While rollback was initiated one time, each step that the Agent did as part of the rollback is recorded.
To get a Mitigation Report from the header of a threat in Incident details:
- In the Incident details of a threat, in the header, click a mitigation action
- Click Download CSV Report - The report downloads to your browser as a csv file
To get a Mitigation Report from a threat's Timeline in Incident details:
- In the Incident details of a threat, in the header, click Timeline
- In the Event Timeline, a download icon shows next to mitigation activities - click the icon next to a mitigation activity - The report downloads to your browser as a csv file
Storyline for Threats
The RMM autonomous Agent automatically groups events related to a single threat into one Storyline. All alerts related to the Storyline of that threat are joined into a single alert. When you run mitigation on a threat, all events in the Storyline are mitigated.
Storyline lets security analysts understand the full story of what happened on an endpoint. Use it to understand the full story behind threats and save time for your security teams.
The events are included in the Storyline in the Incident details Explore tab.
In the Incident details Overview, you can see the Storyline ID in the Threat Information.