Closing An Active Incident

Incidents are automatically closed when all the reported footholds have been removed from the host. The agent will detect the change and the console will be updated. If you recently remediated, it may take about 15 minutes for the console to update (the agent surveys the host at regular intervals).

In cases where you have wiped the host, you will need to uninstall the agent from the Huntress Dashboard, which will close the incident.

Why is an incident still active if I remediated? How do I verify the footholds have been removed?

There are sometimes instances where you may have removed the footholds, but the incident remains open. Those are covered here.