After determining that a high-risk user account maintains a lower risk score, remove the account from the Zscaler restricted user group using the Response Management app.
This task is supported by the following services:
 |
ImportantThe response action is available only after you have
configured
Zscaler Internet Access integration in Third-Party Integration.
|
Procedure
- In the Response Management app, find the user account and
click the options button (
) at the right of the row. - Click Remove from Zscaler Restricted User Group.The Remove from Zscaler Restricted User Group screen appears.
- Confirm the targets of the response.
- Specify a Description for the response or event.
- Click Create.Trend Vision One creates the task and displays the current task status in Response Management.
- Monitor the task status.
- Open Response Management.
- (Optional) Locate the task using the Search field or by selecting Remove from Zscaler Restricted User Group from the Action drop-down list.
- View the task status.
-
In progress (
): Trend Vision One sent the command
and is waiting for a response. -
Successful (
): The command was successfully
executed. -
Partially successful (
): The task was unsuccessful on one
or more IAM service -
Unsuccessful (
): The task was unsuccessful on all connected IAM
services -
Pending approval (
): The task is pending approval from specified users -
Rejected (
): The task has been rejected -
Queued (
): The managing server queued the
command because the agent was offline. -
Manually terminated (
): The task has been manually terminated
-