Contact sales
Details

This incident response workflow allows you to isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule. When using this workflow in a playbook, the user selects which hosts to isolate. When using this workflow with an incident automation rule, all target hosts involved in the incident are isolated.

Description

This incident response workflow allows you to isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule. When using this workflow in a playbook, the user selects which hosts to isolate. When using this workflow with an incident automation rule, all target hosts involved in the incident are isolated. Supported observables: hostname, Secure Endpoint computer GUID

Targets: Secure Endpoint - v1

Steps:

  • Detect the start type and extract the supported observables
  • Check if any supported observables were found (if not, end the workflow)
  • For each observable:
    • Check this observable's type:
      • If a hostname, search for it in Secure Endpoint and set the local GUID variable
      • If a computer GUID, set the local GUID variable
    • Fetch the endpoint and extract its hostname
    • Isolate the endpoint
    • Check if the endpoint was isolated and update the workflow result
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Secure Endpoint
About
Author
Cisco
Version
v1.1
Intent
Incident Response
Integration
Average rating
5.0 out of 5
Authorship
Cisco Managed
Contact and support information
https://support.cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for Secure Endpoint
Cisco Secure Endpoint - Add Hashes to Simple Custom Detections
Cisco Managed
This incident response workflow allows you to add hashes involved in an incident to a simple custom detection list in Cisco Secure Endpoint through a playbook or using an automation rule.
Incident Response
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Exclusion List Export
Community
# Cisco Secure Endpoint Exclusion List Export Workflow The Workflow will list exclusion lists of Cisco Secure Endpoint for validating and review.
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Find Duplication GUIDs
Community
This workflow will list duplicate GUIDs in Cisco Secure Endpoint for validation and review.
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Get Vulnerability Summary for Assets
Cisco Managed
This incident response workflow fetches vulnerability information from Cisco Secure Endpoint for assets involved in an incident when triggered from a playbook or using an automation rule.
Incident Response
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Host Isolation with Tier 2 Approval
Cisco Managed
This workflow appears in the pivot menu and allows you to request approval to isolate a host using Cisco Secure Endpoint.
Pivot Menu
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Isolate Hosts
Cisco Managed
This incident response workflow allows you to isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule.
Incident Response
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Move Computer to Group
Cisco Managed
This workflow appears in the pivot menu and will move the endpoint identified by the provided observable to a device group in Cisco Secure Endpoint.
Pivot Menu
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Move Computers to Group
Cisco Managed
This incident response workflow allows you to move computers to a group in Cisco Secure Endpoint from a playbook or using an automation rule.
Incident Response
Learn more