Response & Remediation
Automated Remediation in Microsoft Sentinel via Attic
Our Sentinel service not only detects threats but also enables automated response and remediation.
Incidents
Each incident generated in Sentinel is matched against our local rule GUID. If the GUID matches, an Attic incident is created. When a remediation action is available, it is offered with the incident. These actions are automated fixes, such as disabling an account.
Remediations
Currently, we can:
- Disable an account
- Revoke all active sessions to allow time for investigation
Additional custom remediation actions can be developed. If these are relevant to all customers, they will be added at no extra cost.