Skip Navigation

Threat Remediation

Use threat remediation to isolate a device from the network or add a file to the waived or quarantined lists on a device.
If the threat remediation device list is empty, you must specify a device first.
  1. In QRadar, select
    BlackBerry Cylance
    .
  2. Select
    Devices
    .
  3. Select
    Threat Remediation
    .
  4. Select a device from the Devices list.
  5. Select a threat from the Threats list.
  6. Select an action from the Remediation list
    You can select the following actions for a threat.
    If a file has already been remediated, "Quarantined" or "Waived" appears after the file name.
    Remediation
    Description
    Isolate device
    This disables network connectivity on the device for the specified amount of time. This includes LAN ports and WiFi adapters.
    • Expiry Timer is the amount of time the device is isolated from network activity.
    • Choose is a list that allows you to select minutes or days for the amount of time the device is isolated from network activity.
    • When specifying a time for the Expiry Timer, the minimum is 5 minutes, the maximum is 3 days.
    To isolate a device, the CylanceOPTICS agent must be installed on that device. This is also known as Lockdown Device.
    Waive Threat on Device
    This adds the file to the waived list on the selected device.
    Quarantine Threat on Device
    This adds the file to the quarantine folder on the selected device.
  7. Click
    Apply Remediation Action
    .
    If the Modify permission was granted (see Application privileges), administrators can remove any supported device from the network. Before granting this permission, ensure that all administrators in your organization understand the risks involved.