Rollback and Remediation

Modified on Wed, 3 Jan, 2024 at 10:19

Overview


Rollback restores files that have been deleted or corrupted.

The "Remediate" function, on the other hand, deletes files newly created by software.

The "Rollback" and "Remediate" functions complement each other, and enable the activity of an attack to be reversed by restoring the affected files and deleting the malicious elements created.

These features are based on Microsoft's "Shadow Copy" snapshot tool, as well as events collected on the console. This is achieved by taking the following elements into consideration:

  • Versioning system set according to security policy
  • No files are saved
  • Snapshots are implemented directly on the partition, with disk usage managed by the OS.


2 -  Roll back and remediate


    

Two methods of use:

  • Manual: create a rollback remote action by specifying the file or files to be restored, specifying the path and the date closest to the desired version.
  • Automatic: from a threat, use the "Rollback & Remediate" fast action. The list of files to be restored is built directly from the events linked to the threat's processes, and an automated playbook of actions is created.
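Before creating a manual rollback action, it helps to know which Shadow Copy snapshots actually exist on the endpoint and which one is nearest to the date you intend to specify. The script below is an added example, not part of the product or of the original article: it uses only the standard Windows CIM classes `Win32_Volume`, `Win32_ShadowCopy` and `Win32_ShadowStorage`, makes no changes, and must run in an elevated session. The drive letter and date are constructed sample values, and selecting by smallest time difference is an assumption about what "closest" means, not the console's documented matching logic.

```powershell
# Added example: read-only inventory of Shadow Copy snapshots on one endpoint.
# $DriveLetter and $DesiredDate are constructed sample values; adjust per incident.
param(
    [string]$DriveLetter = 'C:',
    [datetime]$DesiredDate = '2024-01-02T09:00:00'
)

# Map the drive letter to the volume GUID path that Win32_ShadowCopy.VolumeName uses.
$volume = Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter -eq $DriveLetter }
if (-not $volume) { throw "Volume $DriveLetter not found." }

# Snapshots that exist for this volume, oldest first.
$snapshots = @(Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object -Property InstallDate)

if ($snapshots.Count -eq 0) {
    # Without a snapshot there is no earlier file version to restore.
    Write-Warning "No shadow copies on $DriveLetter; nothing to roll back to."
    return
}

$snapshots | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize

# Assumption: "closest" = smallest absolute time difference, before or after the date.
$closest = $snapshots |
    Sort-Object -Property { [math]::Abs(($_.InstallDate - $DesiredDate).TotalSeconds) } |
    Select-Object -First 1
'Closest snapshot to {0:yyyy-MM-dd HH:mm}: {1} taken {2:yyyy-MM-dd HH:mm}' -f `
    $DesiredDate, $closest.ID, $closest.InstallDate

# Shadow storage is sized and reclaimed by the OS; older snapshots disappear when
# the allocation fills up. This lists every storage association on the machine.
Get-CimInstance -ClassName Win32_ShadowStorage |
    Select-Object @{ n = 'UsedGB';      e = { [math]::Round($_.UsedSpace / 1GB, 2) } },
                  @{ n = 'AllocatedGB'; e = { [math]::Round($_.AllocatedSpace / 1GB, 2) } },
                  @{ n = 'MaxGB';       e = { [math]::Round($_.MaxSpace / 1GB, 2) } } |
    Format-Table -AutoSize
```

If the closest snapshot was taken after the first malicious file event, the version it holds may already be the corrupted one, so compare its timestamp with the threat timeline before restoring.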


