Step-by-step guide for handling and remediating compromised accounts in Petra
The Remediation Actions panel guides you through the 6 steps of remediating an account compromise:
Remediation Actions Panel
Revoke Sessions and Lock Account should be your first action when remediating a compromise
In the Remediation Actions panel, click the Revoke Sessions and Lock Account button to immediately:
Revoke Sessions and Lock Account works for all account types, including on-prem synced and hybrid accounts.
Similar phishing emails are identified automatically and can be moved to Deleted Items.
Stop others from falling for the same phish
Attackers often create persistence mechanisms to maintain access even after password changes. Petra identifies these mechanisms and lets you one-click disable them.
These include:
Remediate inbox rules and app registrations
All of these persistence mechanisms are auto-identified and can be removed in one click. Use the Remediation Actions Panel to remove them.
After removing all persistence mechanisms:
After resetting the password, you can re-enable the account.
Once all remediation steps are complete:
After remediation, the incident page remains available for:
You can always expand the remediation panel again if you need to review or modify any remediation actions taken.