When PowerSEC raises an incident, you can go from alert to closed receipt without leaving the platform.
1. Receive the alert
You will get an email or dashboard notification:
[PowerSEC] Critical: malware found on site acme.com
Files: 2 · Score: 92 · Detected: 14:02 UTC
Click the link or open Dashboard → Incidents.
2. Open the incident
The incident page shows:
- Type: Malware / Brute Force / Downtime / WAF Attack / etc.
- Severity: Critical / High / Medium / Low
- Affected site and which files or endpoints triggered it
- Runbook steps, if available on your plan
3. Follow the runbook
For each incident type, PowerSEC shows step-by-step actions:
Malware detected:
- Review flagged files in the incident detail
- Click Quarantine on any suspicious file
- Investigate the likely entry point (for example, a vulnerable plugin)
- Update or disable the vulnerable plugin
- Re-scan to confirm clean
- Mark resolved
Brute force:
- Block the attacking IP from the Firewall tab
- Reset any compromised admin passwords
- Enable 2FA if not already active
- Mark resolved
4. Mark as resolved
Click Resolve incident at the top of the incident page. You can add a resolution note for your audit trail.
5. Review
For Critical incidents: 15 minutes after resolution, review what allowed the attack and update your rules.