OpenText Decision Service - OpenText Webroot Unity Integration and Automation

Common Integration Use Cases Between OpenText Decision Service and OpenText Webroot Unity

OpenText Decision Service and OpenText Webroot Unity complement each other well in environments where security events must trigger consistent, policy-driven business actions. OpenText Webroot Unity detects and manages endpoint threats, while OpenText Decision Service applies centralized rules to determine the right operational response based on risk, user profile, asset criticality, and business policy.

• Automated endpoint isolation based on threat severity

  Data flow: OpenText Webroot Unity to OpenText Decision Service to security tools or workflow systems

  When OpenText Webroot Unity identifies malware, ransomware, or suspicious behavior on a device, the event is sent to OpenText Decision Service. The decision engine evaluates the alert against business rules such as device type, user role, location, and threat confidence. High-risk endpoints can be automatically isolated, disabled from network access, or escalated to incident response, while lower-risk cases can be routed for analyst review. This reduces response time and ensures consistent containment decisions.

• Risk-based access restriction for compromised users or devices

  Data flow: OpenText Webroot Unity to OpenText Decision Service to identity and access management systems

  If a device is flagged as compromised, OpenText Decision Service can determine whether the associated user should retain access to corporate applications. For example, a finance user on a clean corporate laptop may keep access, while a contractor on an infected unmanaged device may be blocked from sensitive systems. This supports adaptive access control and helps prevent lateral movement after a security event.

• Automated incident prioritization for security operations

  Data flow: OpenText Webroot Unity to OpenText Decision Service to SIEM, ticketing, or case management

  Security teams often receive large volumes of endpoint alerts. OpenText Decision Service can apply rules to prioritize incidents based on business impact, such as executive devices, regulated data users, or critical servers. Alerts meeting defined criteria can be auto-classified as high priority and sent to the appropriate SOC queue, while routine detections are grouped or deferred. This improves analyst productivity and helps teams focus on the most important threats first.

• Policy-driven remediation workflow selection

  Data flow: OpenText Webroot Unity to OpenText Decision Service to workflow orchestration or endpoint response tools

  Not every threat should trigger the same remediation path. OpenText Decision Service can decide whether to run an automated cleanup, request user confirmation, notify the help desk, or open a formal incident based on the threat type and endpoint context. For example, a phishing-related browser event may trigger user education and password reset steps, while ransomware indicators may trigger immediate containment and forensic capture. This creates more precise and efficient remediation.

• Exception handling for business-critical devices

  Data flow: Bi-directional between OpenText Webroot Unity and OpenText Decision Service

  Some endpoints, such as manufacturing controllers, point-of-sale devices, or executive laptops, require special handling. OpenText Decision Service can use rules to determine whether a security action should be delayed, approved by a manager, or executed with compensating controls. OpenText Webroot Unity provides the threat status, and the decision engine applies business exceptions so critical operations are not disrupted unnecessarily. This balances security enforcement with operational continuity.

• Automated compliance reporting and audit trail generation

  Data flow: OpenText Webroot Unity to OpenText Decision Service to reporting or governance systems

  Organizations in regulated industries need evidence of how endpoint threats were handled. OpenText Decision Service can record the rule applied, the decision made, and the resulting action for each security event received from OpenText Webroot Unity. This creates a clear audit trail showing why a device was quarantined, why a case was escalated, or why an exception was granted. The result is stronger compliance support and easier audit preparation.

• Conditional user notification and self-service response

  Data flow: OpenText Webroot Unity to OpenText Decision Service to employee communication or service desk platforms

  When a threat is detected, OpenText Decision Service can decide whether the user should receive an immediate notification with guided remediation steps or whether the issue should be handled silently by IT. For low-risk events, users can be prompted to restart the device, change a password, or contact support through self-service channels. For higher-risk events, the system can suppress user interaction and route directly to security operations. This improves response consistency and reduces help desk load.

• Threat intelligence driven business rule updates

  Data flow: OpenText Webroot Unity to OpenText Decision Service

  As OpenText Webroot Unity updates threat intelligence and detection confidence, OpenText Decision Service can use that information to refine decision rules. For example, newly emerging ransomware indicators can automatically increase the severity threshold for containment, while trusted detections from known safe software can be excluded from escalation. This keeps business rules aligned with current threat conditions without changing application code.

Together, OpenText Webroot Unity provides the security signal and OpenText Decision Service provides the business decision layer. The integration enables faster containment, better prioritization, more consistent policy enforcement, and stronger alignment between cybersecurity operations and business requirements.