Skip to main content
Reverses the isolation of a single endpoint.
External DocumentationTo learn more, visit the Cortex XDR documentation.

Parameters

ParameterDescription
EndpointThe endpoint to be unisolated. Select the endpoint’s hostname or manually type its ID.
Incident IDString representing the incident ID.

When included in the request, the Isolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab.

Example Output

{
	"reply": {
		"action_id": "<action ID>",
		"status": "1",
		"endpoints_count": "1"
	}
}

Workflow Library Example

Lift Endpoint Isolation with Cortex Xdr and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop