Isolate Endpoint
Isolates a single endpoint.
Parameters
| Parameter | Description |
|---|---|
| Endpoint ID | The endpoint to be isolated. Select the endpoint's hostname or manually type its ID. |
| Incident ID | String representing the incident ID. When included in the request, the Isolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab. |
Example Output
{
"reply": {
"action_id": "<action ID>",
"status": "1",
"endpoints_count": "1"
}
}
Workflow Library Example
Isolate Endpoint with Cortex Xdr and Send Results Via Email
Preview this Workflow on desktop