Contact sales
Details

This workflow appears in the pivot menu and allows a user to quarantine a device in Darktrace /NETWORK.

Description

This workflow appears in the pivot menu and allows a user to quarantine a device in Darktrace /NETWORK. Note that the quarantine action is configured to expire after 2 days by default. Supported observables: hostname, IP address, MAC address, Darktrace ID

Target: Darktrace /NETWORK

Steps:

  • Determine which observable type was provided:
    • If a Darktrace ID, set the local ID variable
    • If a hostname, IP address, or MAC address, search for the device and set the local ID variable (if a device isn't found, end the workflow)
  • Request the device be quarantined
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Darktrace DETECT & RESPOND
About
Author
Cisco
Version
v1.2
Integration
Average rating
5.0 out of 5
Authorship
Cisco Managed
Contact and support information
https://support.cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for Darktrace /NETWORK
Darktrace /NETWORK - Quarantine Device
Cisco Managed
This workflow appears in the pivot menu and allows a user to quarantine a device in Darktrace /NETWORK.
Learn more
Logo for Darktrace /NETWORK
Darktrace /NETWORK - Unquarantine Device
Cisco Managed
This workflow appears in the pivot menu and allows a user to unquarantine a device in Darktrace /NETWORK.
Learn more