RS0005: Recovery
Recover from the incident and return all the assets back to normal operation.
Stage Actions
| ID | Title | Brief Description |
|---|---|---|
| RA5001 | Reinstall Host From Golden Image | Reinstall host OS from a golden image |
| RA5002 | Restore Data From Backup | Restore data from a backup |
| RA5101 | Unblock Blocked Ip | Unblock a blocked IP address |
| RA5102 | Unblock Blocked Domain | Unblock a blocked domain name |
| RA5103 | Unblock Blocked Url | Unblock a blocked URL |
| RA5104 | Unblock Blocked Port | Unblock a blocked port |
| RA5105 | Unblock Blocked User | Unblock a blocked user |
| RAI5105_0001 | Unblock domain account via powershell | Unblock user accounts using the Disable-ADAccount cmdlet |
| RA5201 | Unblock Domain On Email | Unblock a domain on email |
| RA5202 | Unblock Sender On Email | Unblock a sender on email |
| RA5203 | Restore Quarantined Email Message | Restore a quarantined email message |
| RA5301 | Restore Quarantined File | Restore a quarantined file |
| RA5302 | Restore Modified File | Restore all files that could have been altered by the attacker |
| RA5401 | Unblock Blocked Process | Unblock a blocked process |
| RA5501 | Enable Disabled Service | Enable a disabled service |
| RA5601 | Unlock Locked User Account | Unlock a locked user account |
| RAI5601_0001 | Powershell enable AD user | Enable AD user through the Powershell |
| RA5602 | Reissue Revoked Certificate | Reissue revoked certificate |