Isolates a single endpoint.

External Documentation

To learn more, visit the Cortex XDR documentation.

Parameters

ParameterDescription
Endpoint IDThe endpoint to be isolated. Select the endpoint’s hostname or manually type its ID.
Incident IDString representing the incident ID.

When included in the request, the Isolate Endpoints action will appear
in the Cortex XDR Incident View Timeline tab.

Example Output

{
	"reply": {
		"action_id": "<action ID>",
		"status": "1",
		"endpoints_count": "1"
	}
}

Workflow Library Example

Isolate Endpoint with Cortex Xdr and Send Results Via Email

Preview this Workflow on desktop

Isolates a single endpoint.

External Documentation

To learn more, visit the Cortex XDR documentation.

Parameters

ParameterDescription
Endpoint IDThe endpoint to be isolated. Select the endpoint’s hostname or manually type its ID.
Incident IDString representing the incident ID.

When included in the request, the Isolate Endpoints action will appear
in the Cortex XDR Incident View Timeline tab.

Example Output

{
	"reply": {
		"action_id": "<action ID>",
		"status": "1",
		"endpoints_count": "1"
	}
}

Workflow Library Example

Isolate Endpoint with Cortex Xdr and Send Results Via Email

Preview this Workflow on desktop