Lift Endpoint Isolation
Reverses the isolation of a single endpoint.
Parameters
| Parameter | Description |
|---|---|
| Endpoint | The endpoint to be unisolated. Select the endpoint's hostname or manually type its ID. |
| Incident ID | String representing the incident ID.When included in the request, the Isolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab. |
Example Output
{
"reply": {
"action_id": "<action ID>",
"status": "1",
"endpoints_count": "1"
}
}
Workflow Library Example
Lift Endpoint Isolation with Cortex Xdr and Send Results Via Email
Preview this Workflow on desktop