Cisco Secure Endpoint - Remove Inactive Endpoints
Description
This workflow looks for endpoints in Cisco Secure Endpoint that have been inactive for a specified number of days. If inactive endpoints are found, a list is compiled and they are deleted. If a group name is provided, only endpoints in that group will be considered for removal. An optional approval task can be used to request approval prior to deletion.
Target: Cisco Secure Endpoint - v1
Steps:
- Validate the input and detect the XDR region
- If a group name was provided, attempt to find its GUID (end the workflow if unsuccessful)
- Calculate the date before which endpoints will be removed
- Fetch computers:
  - Check if the computer should be removed
  - Update the local variables with the new lists
  - Check if there's a next page to parse
- Check if there are endpoints to remove:
  - If not, end the workflow
  - If there are:
    - Check if approval is required (if so, request it and wait)
    - Loop through each computer:
      - Attempt to delete the computer and check if the request was successful
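The selection part of the steps above (cutoff date, optional group filter, page-by-page walk), as an added example that is not the workflow's own code. The field names (connector_guid, last_seen, group_guid, next), the fetch_page stand-in, and the sample records are assumptions constructed for illustration; skipping records with no last-seen timestamp is a safety choice of this example, not documented workflow behavior.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample pages, shaped like a paginated computer listing.
# Field names (connector_guid, last_seen, group_guid, next) are assumptions.
PAGES = {
    "page1": {"next": "page2", "data": [
        {"connector_guid": "aaaa-1", "hostname": "lab-01", "group_guid": "g-lab", "last_seen": "2024-01-05T10:00:00Z"},
        {"connector_guid": "aaaa-2", "hostname": "hr-07", "group_guid": "g-hr", "last_seen": "2024-01-02T08:30:00Z"},
    ]},
    "page2": {"next": None, "data": [
        {"connector_guid": "aaaa-3", "hostname": "lab-02", "group_guid": "g-lab", "last_seen": "2024-05-30T23:59:00Z"},
        {"connector_guid": "aaaa-4", "hostname": "lab-03", "group_guid": "g-lab", "last_seen": None},
    ]},
}

def fetch_page(key):
    """Hypothetical stand-in for the API call; returns one constructed page."""
    return PAGES[key]

def find_inactive(days, now, group_guid=None, first_page="page1"):
    """Walk every page and return (guids_to_remove, hostnames_skipped)."""
    if days < 1:
        raise ValueError("days must be a positive integer")
    cutoff = now - timedelta(days=days)  # endpoints last seen before this go
    to_remove, skipped = [], []
    key = first_page
    while key:  # follow the next-page pointer until it runs out
        page = fetch_page(key)
        for c in page["data"]:
            if group_guid and c["group_guid"] != group_guid:
                continue  # outside the requested group
            if not c.get("last_seen"):
                skipped.append(c["hostname"])  # unknown activity: do not delete
                continue
            seen = datetime.fromisoformat(c["last_seen"].replace("Z", "+00:00"))
            if seen < cutoff:
                to_remove.append(c["connector_guid"])
        key = page["next"]
    return to_remove, skipped

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(find_inactive(90, now, group_guid="g-lab"))
```

Reviewing the compiled list and the skipped hosts before any deletion mirrors the optional approval step in the workflow.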
Required targets
This workflow requires the following targets to be available before it can be run.
Integration targets
- Secure Endpoint
Related workflows
- Cisco Managed: This workflow appears in the pivot menu and allows you to request approval to isolate a host using Cisco Secure Endpoint.
- Cisco Managed: This incident response workflow allows you to isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule.
- Cisco Managed: This workflow appears in the pivot menu and will move the endpoint identified by the provided observable to a device group in Cisco Secure Endpoint.
- Cisco Managed: This incident response workflow allows you to un-isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule.
- Cisco Managed: This incident response workflow fetches vulnerability information from Cisco Secure Endpoint for assets involved in an incident when triggered from a playbook or using an automation rule.
- Cisco Managed: This incident response workflow allows you to move computers to a group in Cisco Secure Endpoint from a playbook or using an automation rule.
- Cisco Managed: This incident response workflow allows you to add hashes involved in an incident to a simple custom detection list in Cisco Secure Endpoint through a playbook or using an automation rule.
- Cisco Managed: This incident response workflow allows you to remove hashes involved in an incident from a simple custom detection list in Cisco Secure Endpoint through a playbook or using an automation rule.