Remediation Steps
Remediation steps are text-based instructions defined within event definitions, Sigma rules, and anomaly detectors. They provide security analysts with clear, actionable guidance on how to respond when an alert is triggered.
By embedding incident-specific response measures directly into detection logic, remediation steps ensure that analysts have immediate access to recommended next steps at the moment of detection. When an event fires, the associated remediation steps are displayed prominently alongside the alert details.
Apply Remediation Steps
Remediation steps can be applied to event definitions, Sigma rules, and anomaly detectors. For information on how to create and apply remediation steps, see the following documentation:
