Remote connection to a workload
As part of your investigation into an attack, EDR enables you to remotely access the workload under investigation.
To remotely connect to a workload
- In the cyber kill chain, click the workload node you want to remotely connect to.
- In the displayed sidebar, click the Response Actions tab.
- In the Investigate section, click Remote desktop connection.
- Select one of the following remote connection methods:
  - Connect via RDP client: This method will prompt you to download and install the Remote Desktop Connection Client. You can then remotely connect to a workload from the Cyber Protect console.
  - Connect via Web client: This method does not require the installation of an RDP client on your workload. You are redirected to the login screen, where you must enter your credentials for the remote machine.
When the remote connection is started, this action can be viewed in the Activities tabs of both the individual node and the entire incident. For more information, see Understand the actions taken to mitigate an incident.