# Remediation & Response Management

Remediation and Response management actions can be triggered through the artifact grids and classification rules. Remediation and Response actions are executed through functions. They can be reviewed, and new functions can be added by "Response Management" -> "Windows/Linux Remediation Functions". To create a new function, please press the "+Job" button. Custom functions can be created by using PowerShell commands and bat/bash scripts. For each remediation function, it is possible to define which grids the action will be available.

To monitor active jobs, please go to "Response Management" -> "Windows/Linux Remediation". Current jobs can be enabled, disabled, or removed through the "…" button. The remediation summary section is accessible to review the state of all active jobs by "Response Management" -> "Windows/Linux Remediation" -> "Windows/Linux Remediation Summary". Response actions can be triggered for an artifact on the grids by right-clicking on the artifact and selecting the "Remediate" option. The task can be created for a single device, a group, or all devices. A job can run continuously, remaining active as long as it is manually disabled. Devices can also run the job once or on every communication cycle to the server. Once the parameters are set, click the "OK" button to create a remediation/response job.

The job history can be seen by "Response Management" -> "Windows/Linux Remediation" -> "Windows/Linux Remediation Logs". To create an automated remediation/response job, edit a classification rule with "Notify on Match" or "Notify on Non-Existence." From the rule settings, add a notification by clicking the "+Notification" button. An existing remediation/response job can be selected, or a new one can be created by clicking the "+Notification Setting" button once the job type is selected. All parameters can be configured.

For SSH and Powershell based remediation functions, values of grids can be used. $#{\<column-name} is used for the values of columns within the grids. ##{\<variable-name} is used to request a value from the user on execution. &#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/getting-started/configuring-modules/remediation-and-response-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.