When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?
Remediation Automation in Cortex XDR is a feature designed to automatically revert changes on an endpoint caused by malicious activity. When a security event is detected, this feature can autonomously handle the remediation process by identifying and reversing the modifications made to the system, thereby bringing it back to a known good state without manual intervention.
I agree with the link listed below.
I will pick D. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Remediate-Changes-from-Malicious-Activity When investigating suspicious incidents and causality chains you often need to restore and revert changes made to your endpoints as a result of a malicious activity. To avoid manually searching for the affected files and registry keys on your endpoints, you can request Cortex XDR for remediation suggestions.