# Remediator Integrations

## Remediator + Automatic Containment

Remediators are an additional function that you can add to existing integrations, or enable independently. Enabling Remediators will allow you to use Containment Actions in future investigations generated by the Remediator, such as suspending a suspicious user until further investigation.

## Setting up Remediator

Remediator configuration is performed in the integration configuration along with Alert and Data Sources. In the "Available Containment Actions" section you may choose to enable or disable specific containment actions for the Remediator. Doing so will allow you to utilize these containment actions when responding to future investigations.

Click "Test & Save" to finish.

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-6971742feb95304374908b2d254140e60c8a0986%2Fgoogle-workspace-remediator.png?alt=media" alt=""><figcaption><p>Example: Google Workspace Remediator section</p></figcaption></figure>

{% hint style="warning" %}
When saving your Containment Action configuration, Dropzone only tests that read permissions are working, as testing write access could cause unintended negative side effects in your environment. Be sure to double check that Dropzone has the required permissions to avoid errors when running Containment Actions.
{% endhint %}

### Remediator in Investigation UI

Once you have enabled your Remediator, Dropzone will surface 1-click Containment Actions to you based on the enabled Containment Actions and the relevant entities in the alert for all future investigations.

The Containment Actions are shown on the Remediations tab for each investigation, and a summary is viewable on the Investigation Summary page. A list of suggested Containment Actions is included in the "Recommended Remediations" section of the Remediator page.

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-944b5d3604e0818a068aeaca37a83153817fbd4c%2Fremediator-1.png?alt=media" alt=""><figcaption><p>Example investigation</p></figcaption></figure>

Containment Actions are grouped by their category and entity.

* Category: what the containment action is, such as "Revoke User Sessions" or "Suspend User"
* Entity: what the containment is acting on, such as the User

{% hint style="success" %}
If there is a specific category of Containment Action you'd like us to include that we do not yet feature, please engage your Dropzone AI support representative.
{% endhint %}

To manually add a Containment Action, do the following:

* Under the "Containment Action" heading, click "+ Add Actions"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-85a2b7de97933e82ba3e7c3587d66b2337bf8a2b%2Fremediator-2.png?alt=media" alt=""><figcaption><p>Add a Containment action</p></figcaption></figure>

* In the Category field, select what containment action you wish to perform, e.g. "Suspend User"
* In the Entity field, input the entity you want to apply the action to, e.g. the user "Emily Eaton"
* Continue adding containment actions until done by clicking "+ Add New Action"
* Click "Save"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-635eaa2970e9df4adcffdcf7f3047083935482cb%2Fremediator-3.png?alt=media" alt=""><figcaption><p>Click Save</p></figcaption></figure>

Containment Actions will run automatically as a group across every integrated remediator. For many action categories, it makes sense to run across all integrations (e.g. when suspending a user across all integrated accounts). For others, you may wish for only one integration to succeed for the specific entity.

To exclude integrations from running the Containment Action, do the following:

* Click the arrow on the left of the Containment Action name
* Locate the Remediator you wish to exclude and click "Exclude"

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-f08de8ceccee7f3652aff58974218eaf310b0235%2Fremediator-4.png?alt=media" alt=""><figcaption><p>Exclude Remediators</p></figcaption></figure>

To apply the Containment Action, once you are done excluding Remediators, click "Run"

Once the group is run, you can retry specific actions that fail. You can also undo specific actions, provided the category allows the undo function. Not all categories allow undo; for instance, actions like revoking user sessions are not reversible.

If you have any errors, engage your Dropzone AI support representative.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.dropzone.ai/integrations/remediator.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.