INCIDENT MODE

Manage incidents, even when you're on the move.

Security incidents do not respect office hours. The Incident Mode in Vyrex Mobile allows operators and device owners to actively participate in incident response — mobile, secure, documented.

Incident · Aktiv
Incident · Aktiv
Auto-Fix · genehmigen
Auto-Fix · genehmigen
AUTO-FIX-GENEHMIGUNG

Vier-Augen-Prinzip in einem Tap

Jede Maßnahme zeigt: was Vyrex tun will, welche Schritte geplant sind, Rollback-Status, geschätzte Dauer. Customer-Owner genehmigt aus dem Bett — ohne SSH, ohne Laptop.

Maßnahme · echte Steps
Maßnahme · echte Steps

Vollständige Transparenz. Jede geplante Aktion ist nummeriert: fail2ban-Regel hinzufügen, Authentik Rate-Limit reduzieren, Edge-Firewall-Block, Audit-Report. Sie sehen vorher, was passieren wird.

Rollback-Plan inkludiert. Für jede Maßnahme prüft Vyrex vorab: ist Rollback möglich? Wird hier dokumentiert. Bei „nicht möglich" gehen Sie ins Vyrex-Portal für die detaillierte Risiko-Abschätzung.

Audit-Trail garantiert. Wer hat wann was freigegeben, mit welchem Begründungstext. Wird in audit_log der Vyrex-DB und in den Monthly-Security-Report aufgenommen.

ABLAUF

How incident mode works

  1. 01

    Incident active

    An operator activates incident mode in the Vyrex portal for one or more incidents. Affected users are notified by push.

  2. 02

    Device owner informed

    The companion app displays an incident banner with a description and action options. No ambiguous notifications.

  3. 03

    Share location (optional)

    Device owners can voluntarily and time-limitedly share their location — e.g. to confirm they are not at the office premises.

  4. 04

    Approve fix actions

    The operator proposes an action (e.g. reset VPN credentials). The device owner confirms or declines — directly in the app.

  5. 05

    Report status

    Device owner reports back: device secured, access changed, device lost. All feedback flows into the incident record.

  6. 06

    Incident closed

    Operator closes incident mode. All actions, approvals and timestamps are recorded in the audit log.

FÄHIGKEITEN

What incident mode enables

01

Mobile fix approvals

Operators can propose actions that the device owner confirms directly in the app — without email delays.

02

Temporary location data

Voluntary, time-limited location sharing by the device owner. Duration and purpose are transparently documented.

03

Status messages

Device owners can send defined status messages (device secure / device lost / credentials changed).

04

Acknowledge escalations on mobile

Open escalations can be acknowledged directly in the companion app — outside the portal as well.

05

Lock device (opt-in)

With explicit consent, a device owner can put their own device into a restricted mode through the app.

06

Incident log

All actions, timestamps, approvals and status messages are automatically logged and viewable in the portal.

EINWILLIGUNG

Privacy in incident mode

Incident mode never accesses additional data without the device owner's knowledge. All extended permissions (location, device lock opt-in) are voluntary and explicitly requested in the app.

  • Location data only with active, time-limited release by the device owner
  • No automatic activation of extended permissions by the employer
  • All approvals and rejections are stored with timestamp in the audit log
  • Revocation of a permission is possible at any time in the app
RUSTDESK

Integration with RustDesk

For devices active in incident mode, an optional RustDesk remote access session can be initiated — exclusively with explicit consent from the device owner and only for the duration of the active incident.

FAQ

Häufige Fragen

Can my employer activate incident mode without my knowledge?+

Incident mode is activated and the device owner is notified by push. Extended permissions (location etc.) require active consent in the app — the employer cannot activate them unilaterally.

What happens to location data after the incident?+

Location data is automatically deleted after the incident is closed. The audit log retains the period of consent, not the actual coordinates.

Can I decline a proposed fix action?+

Yes. Every proposed action can be declined in the app. The refusal is logged with a timestamp; the operator can then escalate.

How long can incident mode stay active?+

There is no technical time limit. Best practice is to close incident mode after actions are completed. After 72 hours of activity the portal generates a reminder.