
Microsoft Defender for Endpoint - Release Machine from Isolation
Details
This workflow appears in the pivot menu and allows a user to release a machine from isolation in Microsoft Defender for Endpoint.
Description
Supported observables: Microsoft Defender Machine ID, hostname, IP address
Target: Microsoft Defender for Endpoint
Steps:
- Determine which observable type was provided:
  - If a Microsoft Defender Machine ID, set the local ID variable
  - If a hostname or IP, search for the machine and set the local ID variable (if a machine isn't found, end the workflow)
- Request the machine be released from isolation
Required targets
This workflow requires the following targets to be available before it can be run.
Integration targets
- Microsoft Defender for Endpoint
About
Author
Cisco
Version
v1.2
Intent
Pivot Menu
Integration
Authorship
Cisco Managed