Details

This incident response workflow allows you to move computers to a group in Cisco Secure Endpoint from a playbook or using an automation rule. When using this workflow in a playbook, the user selects which endpoints to move. When using this workflow with an incident automation rule, all assets involved in the incident are moved.

Description

Supported observables: hostname, Secure Endpoint Computer GUID

Target: Secure Endpoint - v1

Steps:

  • Fetch the group from Secure Endpoint (if this fails, end the workflow)
  • Detect the start type and compile the observables
  • For each observable:
    • If a hostname, search for it in Secure Endpoint and add its GUID to the list
    • If a computer GUID, add it to the GUID list
  • Check if any GUIDs were found:
    • If not, end the workflow
    • If GUIDs were found:
      • Split the GUID list and loop through each one:
        • Fetch the endpoint and extract its hostname
        • Attempt to move the computer and update the workflow results
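The step list above, carried through in Python as an added example (this is not Cisco's workflow code). The Secure Endpoint client is a hypothetical in-memory stand-in so the script runs offline; the REST paths mentioned in its docstring are the ones such a client would call, and every group, hostname and GUID below is constructed sample data. The example also covers the edge cases a practitioner cares about: a hostname that resolves to more than one connector, the same endpoint supplied both by name and by GUID, and a missing group or unresolved observable ending the run early.

```python
import re
from typing import Dict, List, Optional

# Connector GUIDs are UUID-formatted; anything else is treated as a hostname.
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)


def classify(observable: str) -> str:
    """Return 'guid' for a Secure Endpoint computer GUID, otherwise 'hostname'."""
    return "guid" if GUID_RE.match(observable.strip()) else "hostname"


class InMemorySecureEndpoint:
    """Hypothetical stand-in for a Secure Endpoint API client (constructed).

    A real client would back these methods with GET /v1/groups/{guid},
    GET /v1/computers?hostname[]=..., GET /v1/computers/{guid} and
    PATCH /v1/computers/{guid} with a group_guid body.
    """

    def __init__(self, groups: Dict[str, str], computers: Dict[str, dict]):
        self.groups = groups          # group_guid -> group name
        self.computers = computers    # connector_guid -> {"hostname", "group_guid"}
        self.moves: List[tuple] = []  # audit trail of (connector_guid, group_guid)

    def get_group(self, group_guid: str) -> Optional[str]:
        return self.groups.get(group_guid)

    def find_by_hostname(self, hostname: str) -> List[str]:
        # One hostname can match several connectors (re-imaged hosts, stale
        # registrations), so every matching GUID is returned, not just the first.
        return [g for g, c in self.computers.items()
                if c["hostname"].lower() == hostname.lower()]

    def get_computer(self, guid: str) -> Optional[dict]:
        return self.computers.get(guid)

    def move_computer(self, guid: str, group_guid: str) -> bool:
        if guid not in self.computers:
            return False
        self.computers[guid]["group_guid"] = group_guid
        self.moves.append((guid, group_guid))
        return True


def move_observables_to_group(client, group_guid: str, observables: List[str]) -> dict:
    """Resolve observables to connector GUIDs and move each one into the group."""
    # Step 1: fetch the group; a missing group ends the workflow.
    group_name = client.get_group(group_guid)
    if group_name is None:
        return {"status": "failed", "reason": f"group {group_guid} not found", "results": []}

    # Step 2: compile the observables into a GUID list.
    guids: List[str] = []
    for obs in observables:
        if classify(obs) == "guid":
            guids.append(obs.strip().lower())
        else:
            guids.extend(client.find_by_hostname(obs.strip()))

    # Step 3: de-duplicate (order preserved) so a host named twice moves once.
    unique = list(dict.fromkeys(guids))
    if not unique:
        return {"status": "no_endpoints", "reason": "no GUIDs resolved", "results": []}

    # Step 4: fetch each endpoint, move it, and record the outcome per GUID.
    results = []
    for guid in unique:
        computer = client.get_computer(guid)
        if computer is None:
            results.append({"guid": guid, "hostname": None, "moved": False,
                            "detail": "computer not found"})
            continue
        moved = client.move_computer(guid, group_guid)
        results.append({"guid": guid, "hostname": computer["hostname"], "moved": moved,
                        "detail": f"moved to {group_name}" if moved else "move failed"})
    return {"status": "completed", "reason": None, "results": results}


# Constructed sample inventory for an offline run.
QUARANTINE_GROUP = "aaaaaaaa-0000-0000-0000-000000000001"


def build_sample_client() -> InMemorySecureEndpoint:
    return InMemorySecureEndpoint(
        groups={QUARANTINE_GROUP: "Quarantine"},
        computers={
            "11111111-1111-1111-1111-111111111111": {"hostname": "WS-FIN-07", "group_guid": "default"},
            "22222222-2222-2222-2222-222222222222": {"hostname": "ws-fin-07", "group_guid": "default"},
            "33333333-3333-3333-3333-333333333333": {"hostname": "SRV-DB-01", "group_guid": "default"},
        },
    )


if __name__ == "__main__":
    client = build_sample_client()
    outcome = move_observables_to_group(
        client, QUARANTINE_GROUP,
        ["WS-FIN-07", "33333333-3333-3333-3333-333333333333",
         "11111111-1111-1111-1111-111111111111"])
    for r in outcome["results"]:
        print(r["guid"], r["hostname"], r["detail"])
```

When wiring this to the real API, the audit trail kept in `moves` is the part to preserve: each move is a containment action, and the per-GUID result list is what the playbook or automation rule should write back to the incident so a responder can see which endpoints actually changed group.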

Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Secure Endpoint

About

Author: Cisco
Version: v1.0
Intent: Incident Response
Authorship: Cisco Managed

Related workflows

  • Cisco Managed: This incident response workflow allows you to add hashes involved in an incident to a simple custom detection list in Cisco Secure Endpoint through a playbook or using an automation rule.
  • Community: Cisco Secure Endpoint Exclusion List Export Workflow. This workflow lists the exclusion lists of Cisco Secure Endpoint for validation and review.
  • Community: This workflow lists duplicate GUIDs in Cisco Secure Endpoint for validation and review.
  • Cisco Managed: This incident response workflow fetches vulnerability information from Cisco Secure Endpoint for assets involved in an incident when triggered from a playbook or using an automation rule.
  • Cisco Managed: This workflow appears in the pivot menu and allows you to request approval to isolate a host using Cisco Secure Endpoint.
  • Cisco Managed: This incident response workflow allows you to isolate hosts involved in an incident using Cisco Secure Endpoint from a playbook or using an automation rule.
  • Cisco Managed: This workflow appears in the pivot menu and moves the endpoint identified by the provided observable to a device group in Cisco Secure Endpoint.
  • Cisco Managed: This incident response workflow allows you to move computers to a group in Cisco Secure Endpoint from a playbook or using an automation rule.