Instructions on how to reject a remediation
If you believe the remediation plan for an Incident Report is not needed because the reported activity is a false positive, you have already remediated the incident, or your business approves of the identified activity, this guide shows you how to notify the Huntress Security Operation Center (SOC) and reject the remediation.
First, you must navigate to the incident in question and select "review remediation plan."
From there, select the "Reject" button in the bottom left-hand corner.
You will then need to provide your contact information, the reason why you are rejecting, and a brief comment.
In the above form, you have to choose a rejection reason. Below is a list of the different rejection reasons found in the dropdown.
Rejection Reason Definitions
- Approved application: The application reported is approved and should not be reported again.
- Business accepted risk: The risky activity reported is accepted by our business and should not be reported again.
- Manually remediated: We have manually remediated these findings and do not need to run the Assisted Remediations provided.
- Host re-imaged or decommissioned: The infected host has been taken offline and re-imaged.
- Approved Microsoft 365 user activity: This is authorized user activity in our Microsoft environment.
- Other: Rejecting for a non-listed reason. Please provide more context in the rejection comment.
If you see the following message at the top of your incidents page, then your rejection has been sent to the Huntress SOC for review!
Note: Rejected incidents will not reappear in the all incidents data table until they have been actioned by the Huntress Security Operation Center.