XDR - Restore Systems
Details
This workflow consumes one or more hostnames and attempts to un-isolate matching endpoints in all supported products. Currently supported products include: Cisco Secure Endpoint, CrowdStrike, SentinelOne, Microsoft Defender for Endpoint (Commercial or GCC), Trend Vision One, Cybereason, Palo Alto Cortex, and Darktrace /NETWORK.
Targets: Automation APIs, Cisco Secure Endpoint, CrowdStrike, Cybereason, Darktrace /NETWORK, Microsoft Defender for Endpoint (Commercial or GCC), Palo Alto Cortex, SentinelOne, Trend Vision One
Steps:
- Check how the workflow was started (if not a playbook task, end the workflow)
- Get a list of XDR automation targets and extract the supported integrations
- Check if there are supported integrations available (if not, end the workflow)
- For each hostname:
  - For each integration:
    - Attempt to un-isolate the host in the given integration
  - Check if the host was un-isolated in at least one product (if not, update the workflow results)
- For each integration:
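The control flow above (trigger check, filtering automation targets to supported products, nested hostname/integration loops, and the "restored in at least one product" check) is easy to get subtly wrong, in particular the rule that one product's API failure must not stop the attempt in the others. The following is an added example, not Cisco XDR's own workflow code: the product adapters are constructed simulations that stand in for the real un-isolate API calls, and the trigger string, target dictionaries and hostnames are assumptions for illustration.

```python
"""Orchestration logic mirroring the 'Restore Systems' workflow steps.

Added example, not XDR's own code. The adapters below are constructed
stand-ins for per-product un-isolate API calls; the trigger value,
target records and hostnames are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Products the workflow description lists as supported.
SUPPORTED_PRODUCTS = {
    "Cisco Secure Endpoint", "CrowdStrike", "SentinelOne",
    "Microsoft Defender for Endpoint", "Trend Vision One",
    "Cybereason", "Palo Alto Cortex", "Darktrace /NETWORK",
}


@dataclass
class HostResult:
    hostname: str
    per_product: Dict[str, bool]  # product -> True if un-isolated there

    @property
    def restored(self) -> bool:
        # The workflow only treats the host as restored if at least one product succeeded.
        return any(self.per_product.values())


def supported_integrations(targets: List[dict]) -> List[dict]:
    """Step 2: keep only the automation targets whose product this workflow supports."""
    return [t for t in targets if t.get("product") in SUPPORTED_PRODUCTS]


def restore_systems(trigger: str, targets: List[dict], hostnames: List[str],
                    adapters: Dict[str, Callable[[str], bool]]) -> Tuple[str, List[HostResult]]:
    """Run the workflow and return (status text, per-host results)."""
    # Step 1: only run when launched as a playbook task (assumed trigger label).
    if trigger != "playbook_task":
        return "skipped: not started by a playbook task", []
    # Steps 2-3: stop early when nothing supported is configured.
    integrations = supported_integrations(targets)
    if not integrations:
        return "skipped: no supported integrations available", []

    results: List[HostResult] = []
    for host in hostnames:
        outcome: Dict[str, bool] = {}
        for target in integrations:
            product = target["product"]
            try:
                # Step 4: attempt un-isolation in this integration.
                outcome[product] = bool(adapters[product](host))
            except Exception:
                # A failure (API error, missing adapter) in one product must not
                # prevent the attempt in the remaining products.
                outcome[product] = False
        results.append(HostResult(host, outcome))

    # Step 5: hosts restored nowhere are reported in the workflow results.
    failed = [r.hostname for r in results if not r.restored]
    if failed:
        return "partial: not un-isolated in any product: " + ", ".join(failed), results
    return "success", results


def make_simulated_adapter(known_hosts: set) -> Callable[[str], bool]:
    """Constructed stand-in: 'succeeds' only for hosts the product knows about."""
    def un_isolate(hostname: str) -> bool:
        return hostname in known_hosts
    return un_isolate


# Constructed sample inventory: which hosts each simulated product manages.
SIMULATED_ADAPTERS = {
    "CrowdStrike": make_simulated_adapter({"ws-finance-01", "ws-hr-07"}),
    "SentinelOne": make_simulated_adapter({"ws-hr-07"}),
}
SIMULATED_TARGETS = [
    {"product": "CrowdStrike"},
    {"product": "SentinelOne"},
    {"product": "Example Unsupported Product"},  # filtered out in step 2
]
SAMPLE_HOSTS = ["ws-finance-01", "ws-hr-07", "srv-unknown-99"]


if __name__ == "__main__":
    status, results = restore_systems("playbook_task", SIMULATED_TARGETS, SAMPLE_HOSTS, SIMULATED_ADAPTERS)
    print(status)
    for r in results:
        print(f"{r.hostname}: restored={r.restored} {r.per_product}")
```

Running the block prints a "partial" status naming `srv-unknown-99`, because neither simulated product managed that host, while the other two hosts count as restored even though only one product knew `ws-finance-01`. Swapping the simulated adapters for real API clients keeps the per-product try/except, which is what preserves the workflow's "try every integration" behaviour when one product's API is down.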