When PowerSEC raises an incident, you can go from alert to closed receipt without leaving the platform. Here is the canonical flow.
1. Receive the alert
    [PowerSEC] Critical: malware found on site acme.com
    Files: 2 · Score: 92 · Detected: 14:02 UTC
    → https://app.powersec.io/i/INC-4421
2. Open the incident — see the evidence
The incident page shows the matched signatures, the file paths, the snippet that triggered the rule, and a recommended action. PowerSEC AI has already drafted a triage plan.
3. Run the safe action
    # Quarantine the offending files (reversible) — no manual SSH needed.
    Action: "Quarantine 2 files" → Confirm
4. Verify with a fresh scan
    Action: "Re-scan now" → Wait ~60s
    Result: 0 matches ✓
5. Close with a receipt
The receipt records: who acted, what was changed, the before/after hash of every touched file, and the rule version that detected the original issue. Keep it for compliance — every action is signed and tamper-evident.