May 11, 2023, 12:49 p.m. | /u/Powershillx86

cybersecurity www.reddit.com

Hello,
I am in charge of cybersecurity for a small business. Let's say one of my hosts has malware on it.
The current situation: for HIDS I have Wazuh, Sysmon and osquery, all centralized in Security Onion.
I found a very suspiciously named pipe, a corresponding scheduled task, and then finally I found a suspicious JavaScript file. I want to extract this file from the host to analyze.
RDP is off the table, as I believe this would store my (hash/creds) …
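One way to handle the extraction step the poster describes, as an added example that is not part of the original post: a small Python collector that streams the file through SHA-256/MD5, copies it into a zip archive under its hash with a `.bin` suffix (so nothing on the analysis side hands it to a script host), writes a JSON manifest of path, size and timestamps, and re-reads the archived copy to confirm it matches. The file path and the sample content are constructed for the demonstration.

```python
"""Package a suspicious file for off-host analysis (added example)."""
import hashlib
import json
import os
import zipfile
from datetime import datetime, timezone


def hash_file(path, chunk=1 << 20):
    """Stream the file so large artifacts never need to fit in memory."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            sha256.update(block)
            md5.update(block)
    return sha256.hexdigest(), md5.hexdigest()


def collect_artifact(path, archive_path):
    """Copy `path` into a zip beside a manifest and return the manifest.

    The copy is stored as <sha256>.bin, not with its original .js name, so a
    double-click on the analysis box does not run it via wscript/cscript."""
    sha256, md5 = hash_file(path)
    st = os.stat(path)
    manifest = {
        "original_path": os.path.abspath(path),
        "size": st.st_size,
        "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        "sha256": sha256,
        "md5": md5,
        "collected_utc": datetime.now(timezone.utc).isoformat(),
    }
    member = f"{sha256}.bin"
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.write(path, arcname=member)
        zf.writestr("manifest.json", json.dumps(manifest, indent=2))
    # Integrity check: the archived bytes must hash to what we saw on disk.
    with zipfile.ZipFile(archive_path) as zf:
        if hashlib.sha256(zf.read(member)).hexdigest() != sha256:
            raise RuntimeError("archived copy does not match source hash")
    return manifest


if __name__ == "__main__":
    # Constructed stand-in for the suspicious .js file; harmless content.
    sample = "suspect.js"
    with open(sample, "w") as fh:
        fh.write('WScript.Echo("constructed sample");\n')
    print(json.dumps(collect_artifact(sample, "suspect_evidence.zip"), indent=2))
```

Record the manifest hashes in your case notes before the archive leaves the host; they are what you will later match against sandbox or threat-intel results.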
