Parameter | Description |
---|---|
Endpoint ID | The endpoint to be isolated. Select the endpoint’s hostname or manually type its ID. |
Incident ID | String representing the incident ID. When included in the request, the Isolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab. |
{
"reply": {
"action_id": "<action ID>",
"status": "1",
"endpoints_count": "1"
}
}
Was this page helpful?