What is a recovery group in Cohesity Recovery Agent?

A recovery group is a coordinated collection of resources and tools designed to restore systems after cyber attacks or outages. It acts as a digital jump bag that can be configured with automated workflows, threat scanning capabilities, and rehearsal options to ensure incident responders have everything they need during an emergency.

How do blueprints help with incident response automation?

Blueprints are automated runbooks that define recovery options, dependencies, and automation rules to ensure consistent and efficient incident response. They can perform threat scans, orchestrate recovery sequences, create clean room environments, and execute workflows that bring systems back online quickly and safely after ransomware attacks.

Incident Response Automation with Recovery Agent

Name: Incident Response Automation with Recovery Agent
Uploaded: 2026-03-12T15:39:29-04:00
Duration: 6 min 35 s
Description: TL;DR Recovery Agent automates incident response workflows through recovery groups and blueprints that act as digital jump bags, enabling organizations to orchestrate recovery from ransomware attacks and disasters without manual coordination Blueprints...

Cohesity

03/12/2026

0 (0%)

Report Like Favorite

TL;DR

Recovery Agent automates incident response workflows through recovery groups and blueprints that act as digital jump bags, enabling organizations to orchestrate recovery from ransomware attacks and disasters without manual coordination
Blueprints function as automated runbooks with threat scanning, rehearsal capabilities, and dependency management, allowing teams to test recovery procedures before actual emergencies and ensure tools function properly
Clean room environments can be automatically provisioned with isolated workloads and forensic tools, enabling incident responders to investigate compromised systems safely while preventing further spread of attacks
New Copilot integration streamlines the creation of recovery groups and blueprints through guided workflows, reducing the complexity of configuring automated recovery procedures for critical workloads

Orchestrated Recovery for Cyber Incidents

This demonstration showcases Cohesity Recovery Agent, a feature within DataProtect designed to automate and orchestrate recovery workflows during ransomware attacks, data disasters, and catastrophic events. The presentation focuses on incident response scenarios where organizations need to isolate compromised systems in clean room environments while maintaining access to forensic tools. Recovery Agent introduces the concept of recovery groups that act as digital jump bags, providing incident responders with pre-configured, automated workflows that can be tested and rehearsed before actual emergencies occur. The solution addresses the challenge of coordinating recovery efforts without guesswork or miscommunication, particularly for critical workloads requiring rapid recovery time objectives.

Blueprints and Automated Workflows

The core functionality revolves around blueprints, which serve as automated runbooks for recovery operations. These blueprints enable organizations to define recovery options, dependencies, and automation rules that execute consistently across different scenarios. The demonstration highlights threat-aware workflows that perform automated threat scans and rehearsals on both digital jump bag components and application infrastructure before recovery. Blueprints can be configured to recover specific snapshot versions, allowing incident responders to analyze potentially infected backups in isolated environments. The system includes built-in reporting capabilities that document each step of the recovery process, providing audit trails for internal documentation and compliance requirements. A new Copilot integration further simplifies the creation of recovery groups and blueprints through guided workflows.

Chapters

0:00 - Introduction and Use Case
1:04 - Recovery Groups Overview
2:15 - Configuration and Blueprints
3:14 - Blueprint Workflow Demonstration
4:13 - Running and Monitoring Blueprints
5:20 - Copilot Integration

Key Quotes

0:15 "Our customers are telling us that they need the ability to orchestrate recovery from a wide variety of situations that include data disasters, catastrophic events and cyber attacks."
1:08 "As an incident responder, I can use recovery groups to accelerate incident response and disaster recovery during a ransomware attack. I can automate workflows without guesswork or miscommunication."
1:51 "And if you've ever worked with digital jump bags, you know that it's important not to wait for an actual emergency to use it for the first time."
2:32 "You can think of a blueprint as an automated workflow. It's designed to help bring your systems back online quickly and safely after a ransomware attack."
3:50 "This gives us a workflow that's threat aware and repeatable."

Categories: