Palo Alto Networks Cortex XDR - Isolate Endpoint
Details
This workflow appears in the pivot menu and allows a user to isolate an endpoint in Palo Alto Networks Cortex XDR.
Description
This workflow appears in the pivot menu and allows a user to isolate an endpoint in Palo Alto Networks Cortex XDR. Supported observables: hostname, IP address, PAN Cortex XDR agent ID
Target: Palo Alto Networks Cortex XDR - v1
Steps:
- Determine which observable type was provided:
  - If a Cortex Agent ID, set the local ID variable
  - If a hostname or IP address, search for the endpoint and set the local ID variable (if an endpoint isn't found, end the workflow)
- Request the endpoint be isolated
Required targets
This workflow requires the following targets to be available before it can be run.
Integration targets
- Palo Alto Networks Cortex XDR
About
Author: Cisco
Version: v1.2
Intent: Pivot Menu
Authorship: Cisco Managed
Related workflows
- This workflow appears in the pivot menu and allows a user to add a file hash to an allow list in Palo Alto Networks Cortex XDR. (Cisco Managed)
- This workflow appears in the pivot menu and allows a user to add a file hash to a block list in Palo Alto Networks Cortex XDR. (Cisco Managed)
- This workflow appears in the pivot menu and allows a user to isolate an endpoint in Palo Alto Networks Cortex XDR. (Cisco Managed)
- This workflow appears in the pivot menu and allows a user to trigger an endpoint scan in Palo Alto Networks Cortex XDR. (Cisco Managed)
- This workflow appears in the pivot menu and allows a user to unisolate an endpoint in Palo Alto Networks Cortex XDR. (Cisco Managed)