Isolate Endpoint - Generic

Isolates a given endpoint using the following integrations:

  • Carbon Black Enterprise Response
  • Palo Alto Networks Traps

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Block Endpoint - Carbon Black Response
  • Traps Isolate Endpoint
  • Isolate Endpoint - Cybereason

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


NameDescriptionRequired
HostnameThe hostname of the endpoint to block.Optional
EndpointIdThe Endpoint ID to isolate using Traps.Optional

Playbook Outputs


PathDescriptionType
CbResponse.Sensors.CbSensorIDThe Carbon Black Response Sensors IDs that has been isolated.string
EndpointThe isolated Endpoint.string
Traps.Isolate.EndpointIDThe ID of the Endpoint.string
Traps.IsolateResult.StatusThe status of the isolation operation.string

Playbook Image


Isolate_Endpoint_Generic