Contact sales
Details

This incident response workflow allows you to un-isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule. When using this workflow in a playbook, the user selects which hosts to un-isolate. When using this workflow with an incident automation rule, all target hosts involved in the incident are un-isolated.

Description

This incident response workflow allows you to un-isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule. When using this workflow in a playbook, the user selects which hosts to un-isolate. When using this workflow with an incident automation rule, all target hosts involved in the incident are un-isolated. Supported observables: hostname, Secure Endpoint computer GUID

Targets: Secure Endpoint - v1

Steps:

  • Detect the start type and extract the supported observables
  • Check if any supported observables were found (if not, end the workflow)
  • For each observable:
    • Check this observable's type:
      • If a hostname, search for it in Secure Endpoint and set the local GUID variable
      • If a computer GUID, set the local GUID variable
    • Fetch the endpoint and extract its hostname
    • Un-isolate the endpoint
    • Check if the endpoint was un-isolated and update the workflow result
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Secure Endpoint
About
Author
Cisco
Version
v1.0
Intent
Incident Response
Integration
Average rating
No ratings yet
Authorship
Cisco Managed
Contact and support information
https://support.cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for Secure Endpoint
Cisco Secure Endpoint - Add Hashes to Simple Custom Detections
Cisco Managed
This incident response workflow allows you to add hashes involved in an incident to a simple custom detection list in Cisco Secure Endpoint through a playbook or using an automation rule.
Incident Response
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Exclusion List Export
Community
# Cisco Secure Endpoint Exclusion List Export Workflow The Workflow will list exclusion lists of Cisco Secure Endpoint for validating and review.
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Find Duplication GUIDs
Community
This workflow will list duplicate GUIDs in Cisco Secure Endpoint for validation and review.
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Get Vulnerability Summary for Assets
Cisco Managed
This incident response workflow fetches vulnerability information from Cisco Secure Endpoint for assets involved in an incident when triggered from a playbook or using an automation rule.
Incident Response
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Host Isolation with Tier 2 Approval
Cisco Managed
This workflow appears in the pivot menu and allows you to request approval to isolate a host using Cisco Secure Endpoint.
Pivot Menu
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Isolate Hosts
Cisco Managed
This incident response workflow allows you to isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule.
Incident Response
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Move Computer to Group
Cisco Managed
This workflow appears in the pivot menu and will move the endpoint identified by the provided observable to a device group in Cisco Secure Endpoint.
Pivot Menu
Learn more
Logo for Secure Endpoint
Cisco Secure Endpoint - Move Computers to Group
Cisco Managed
This incident response workflow allows you to move computers to a group in Cisco Secure Endpoint from a playbook or using an automation rule.
Incident Response
Learn more