Description

This workflow looks for endpoints in Cisco Secure Endpoint that have been inactive for a specified number of days. If inactive endpoints are found, a list is compiled and they are deleted. If a group name is provided, only endpoints in that group will be considered for removal. An optional approval task can be used to request approval prior to deletion.

Target: Cisco Secure Endpoint - v1

Steps:

  • Validate the input and detect the XDR region
  • If a group name was provided, attempt to find its GUID (end the workflow if unsuccessful)
  • Calculate the date before which endpoints will be removed
  • Fetch computers:
    • Check if the computer should be removed
    • Update the local variables with the new lists
    • Check if there's a next page to parse
  • Check if there are endpoints to remove:
    • If not, end the workflow
    • If there are:
      • Check if approval is required (if so, request it and wait)
      • Loop through each computer:
        • Attempt to delete the computer and check if the request was successful
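
The selection part of the steps above (cutoff date, optional group filter, page-by-page collection) as an added Python example; it is not the workflow's own code. The record fields `connector_guid`, `hostname`, `group_guid` and `last_seen` are assumed, the sample records are constructed, and putting records without a usable `last_seen` on a review list instead of deleting them is a choice made for this example.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    """Parse an ISO 8601 timestamp such as 2024-01-05T10:00:00Z; None if unusable."""
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return None
    # Treat naive timestamps as UTC so comparisons never mix naive and aware values.
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def select_inactive(pages, inactive_days, group_guid=None, now=None):
    """Return (to_remove, needs_review) from an iterable of result pages."""
    if not isinstance(inactive_days, int) or inactive_days < 1:
        raise ValueError("inactive_days must be a positive integer")
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=inactive_days)  # endpoints last seen before this go
    to_remove, needs_review = [], []
    for page in pages:                      # one iteration per fetched page
        for c in page:
            if group_guid and c.get("group_guid") != group_guid:
                continue                    # outside the requested group
            seen = parse_ts(c.get("last_seen"))
            if seen is None:
                needs_review.append(c)      # never delete on missing data
            elif seen < cutoff:
                to_remove.append(c)
    return to_remove, needs_review

# Constructed sample data: two pages of computer records (assumed field names).
SAMPLE_PAGES = [
    [{"connector_guid": "guid-a", "hostname": "lab-01", "group_guid": "grp-1",
      "last_seen": "2024-01-05T10:00:00Z"},
     {"connector_guid": "guid-b", "hostname": "lab-02", "group_guid": "grp-1",
      "last_seen": "2024-05-30T08:00:00Z"}],
    [{"connector_guid": "guid-c", "hostname": "hq-07", "group_guid": "grp-2",
      "last_seen": "2023-11-01T00:00:00Z"},
     {"connector_guid": "guid-d", "hostname": "lab-03", "group_guid": "grp-1",
      "last_seen": None}],
]

if __name__ == "__main__":
    # Dry run: list what would be deleted before any approval or delete call.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    remove, review = select_inactive(SAMPLE_PAGES, 90, "grp-1", now)
    print("would delete:", [c["hostname"] for c in remove])
    print("needs review:", [c["hostname"] for c in review])
```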

Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Secure Endpoint

About

Author: Cisco
Version: v1.2
Average rating: 5.0 out of 5
Authorship: Cisco Managed

Related workflows

  • Cisco Managed: This incident response workflow allows you to add hashes involved in an incident to a simple custom detection list in Cisco Secure Endpoint through a playbook or using an automation rule.
  • Community: Cisco Secure Endpoint Exclusion List Export Workflow. This workflow lists the exclusion lists of Cisco Secure Endpoint for validation and review.
  • Community: This workflow will list duplicate GUIDs in Cisco Secure Endpoint for validation and review.
  • Cisco Managed: This incident response workflow fetches vulnerability information from Cisco Secure Endpoint for assets involved in an incident when triggered from a playbook or using an automation rule.
  • Cisco Managed: This workflow appears in the pivot menu and allows you to request approval to isolate a host using Cisco Secure Endpoint.
  • Cisco Managed: This incident response workflow allows you to isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule.
  • Cisco Managed: This workflow appears in the pivot menu and will move the endpoint identified by the provided observable to a device group in Cisco Secure Endpoint.
  • Cisco Managed: This incident response workflow allows you to move computers to a group in Cisco Secure Endpoint from a playbook or using an automation rule.