
Microsoft Defender for Endpoint GCC - Un-Isolate Machine
Description
This workflow appears in the pivot menu and allows a user to release a machine from isolation in Microsoft Defender for Endpoint GCC. Supported observables: Microsoft Defender Machine ID, hostname, IP address.
Target: Microsoft Defender for Endpoint GCC integration target
Steps:
- Determine which observable type was provided:
  - If a Microsoft Defender Machine ID, set the local ID variable
  - If a hostname or IP, search for the machine and set the local ID variable (if a machine isn't found, end the workflow)
- Request the machine be released from isolation
Required targets
This workflow requires the following targets to be available before it can be run.
Integration targets
- Microsoft Defender for Endpoint GCC
About
Author: Cisco
Version: v1.0
Intent: Pivot Menu
Authorship: Cisco Managed
Related workflows
- This workflow appears in the pivot menu and allows a user to block an indicator of compromise (IOC) in Microsoft Defender for Endpoint GCC. (Cisco Managed)
- This workflow appears in the pivot menu and allows a user to isolate a machine in Microsoft Defender for Endpoint GCC. (Cisco Managed)
- This workflow appears in the pivot menu and allows a user to unblock an indicator of compromise (IOC) in Microsoft Defender for Endpoint GCC. (Cisco Managed)