RS0004: Eradication
Remove a threat from an environment.
Stage Actions
| ID | Title | Brief Description |
|---|---|---|
| RA4001 | Report Incident To External Companies | Report incident to external companies |
| RA4002 | Apply Prevention Mode For Iocs | Apply security solution prevention mode for all identified IOCs. |
| RA4101 | Remove Rogue Network Device | Remove a rogue network device |
| RA4201 | Delete Email Message | Delete an email message from an Email Server and users' email boxes |
| RA4301 | Remove File | Remove a specific file from a (remote) host or a system |
| RAI4301_0001 | Deleting a file from Windows with Powershell | Removing a file from a Windows system through the Powershell |
| RAI4301_0002 | Deleting a file from Windows via SOLDR | Removing a file from a Windows system through the SOLDR agent |
| RA4501 | Remove Registry Key | Remove a registry key |
| RAI4501_0001 | Remove Windows registry key with Powershell | Removing a hive, key or value from windows registry through the Powershell |
| RA4502 | Remove Service | Remove a service |
| RA4503 | Remove Persistence Mechanisms | Remove persistence mechanisms |
| RA4601 | Revoke Authentication Credentials | Revoke authentication credentials |
| RA4602 | Remove User Account | Remove a user account |
| RA4603 | Reset Authentication Credentials | Reset authentication credentials |
| RA4604 | Delete Attribute From Object | Remove a record from object attribute |
| RAI4604_0001 | Powershell clear attribute from AD object | Clearing a attribute from AD object through the Powershell |
| RA4605 | Revoke Certificate | Revocation of an issued certificate |