OpenText Webroot Unity - OpenText Legal Hold Integration and Automation

Common Integration Use Cases Between OpenText Webroot Unity and OpenText Legal Hold

• Automated legal hold trigger from security incidents
  When OpenText Webroot Unity detects a serious incident such as ransomware, data exfiltration, or targeted phishing against a specific user group, it can send an alert to OpenText Legal Hold to initiate a legal hold review for affected custodians and systems. This helps legal teams preserve potentially relevant evidence before it is altered or deleted.
• Custodian risk-based hold expansion
  If Webroot Unity identifies a compromised endpoint belonging to a key employee, executive, or finance user, the incident can be passed to OpenText Legal Hold to expand the hold scope to include that custodian and related devices. This supports faster preservation of evidence tied to investigations, disputes, or regulatory inquiries.
• Preservation of security investigation artifacts
  OpenText Webroot Unity can forward incident details, threat logs, alert timelines, and remediation actions to OpenText Legal Hold so legal teams can preserve security evidence associated with a matter. This reduces the risk of losing forensic data needed for eDiscovery, internal investigations, or litigation defense.
• Legal hold awareness for endpoint remediation teams
  OpenText Legal Hold can provide hold status information back to OpenText Webroot Unity or a connected IT workflow so security administrators know which endpoints, users, or data sources are under preservation requirements. This helps prevent remediation actions that could overwrite or remove evidence on held systems.
• Incident-driven compliance workflow
  When Webroot Unity flags a malware event that may indicate a broader compliance issue, the event can create a review task in OpenText Legal Hold for legal and compliance teams. They can assess whether the incident requires formal preservation, internal investigation, or regulatory notification support.
• Centralized tracking of custodians involved in cyber events
  OpenText Webroot Unity can identify users impacted by phishing, credential theft, or suspicious activity and pass those identities to OpenText Legal Hold. Legal teams can then track custodians, assign hold notices, and document acknowledgment in one controlled process.
• Retention exception control during active matters
  OpenText Legal Hold can notify OpenText Webroot Unity when a device or user is subject to a hold, enabling security teams to avoid automated cleanup or aggressive endpoint reset actions that could interfere with preservation obligations. This supports better coordination between cybersecurity operations and legal preservation requirements.
• Post-incident evidence preservation and audit readiness
  After Webroot Unity resolves a security incident, it can send a summary of affected endpoints, threat indicators, and remediation timestamps to OpenText Legal Hold for audit and matter documentation. This creates a defensible record that supports litigation readiness, compliance audits, and internal governance.