Isolates a single endpoint.
External DocumentationTo learn more, visit the Cortex XDR documentation.

Parameters

ParameterDescription
Endpoint IDThe endpoint to be isolated. Select the endpoint’s hostname or manually type its ID.
Incident IDString representing the incident ID.

When included in the request, the Isolate Endpoints action will appear
in the Cortex XDR Incident View Timeline tab.

Example Output

{
	"reply": {
		"action_id": "<action ID>",
		"status": "1",
		"endpoints_count": "1"
	}
}

Workflow Library Example

Isolate Endpoint with Cortex Xdr and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop