Running the remote command line

As part of your investigation into an attack, you can remotely run the command line of the workload under investigation.

To remotely run the command line of a workload

1. In the cyber kill chain, click the workload node to which you want to connect remotely.
2. In the displayed sidebar, click the Response Actions tab.

3. Depending on the workload's operating system, do one of the following:

   • [For Windows workloads] In the Investigate section, expand Remote command-line interface, and then click Run command line.
   • [For macOS workloads] In the Investigate section, expand Remote Terminal, and then click Run Terminal.