Types of remediation scripts

There are 3 types of remediation scripts:

  • An Endpoint Script runs automatically when endpoint incidents are triggered. Because the script is run on an endpoint device, it should have minimal CPU and disk space requirements. In addition, the script should not assume the endpoint computer is part of the network, and it should be smaller than 5 MB.
  • An Incident Management Script runs on incidents selected in the Incident Report. To activate this script:
    1. Open an incident on the Main > Reporting > Data Loss Prevention > Incidents page.
    2. Click Remediate > Run Remediation Script in the toolbar at the top of the content pane.
    3. Select which script to run.

    The script can be used to automate tasks such as opening a CRM case. It is not executed automatically.

  • A Policy Script runs automatically when data loss prevention and discovery incidents are triggered. For example, the script might encrypt data detected in discovery breaches or perform an action in a DRM system. Because the script is associated with the network server, it can be larger and more demanding of CPU resources, and it can make use of other tools in the network.

Note that the Policy Script can only be run by the Policy Engine of the System Module that analyzed the incident.

The system provides 3 scripts for network file system and endpoint discovery. These scripts can be used to copy or move content detected in breaches. See the "Copying or moving discovered files" section for details.

For information on writing your own scripts, see Creating Remediation Scripts on the Forcepoint support site.