IoT Security Integration Guide
  • IoT Security Integration Guide
  • IoT Security Documentation
  • All Documentation
>
Quarantine a Device Using Extreme Networks ExtremeCloud IQ Site Engine
Focus
Download PDF
Focus
  1. Home
  2. IoT Security
  3. Network Access Control
  4. Integrate IoT Security with Extreme Networks ExtremeCloud IQ Site Engine
  5. Quarantine a Device Using Extreme Networks ExtremeCloud IQ Site Engine
Download PDF
IoT Security

Quarantine a Device Using Extreme Networks ExtremeCloud IQ Site Engine

Table of Contents

Quarantine a Device Using Extreme Networks ExtremeCloud IQ Site Engine

Use IoT Security integration with Extreme Networks ExtremeCloud IQ Site Engine to quarantine devices of concern.
Where Can I Use This?What Do I Need?
  • IoT Security (Managed by IoT Security)
  • IoT Security subscription for an advanced IoT Security product (Enterprise Plus, Industrial OT, or Medical)
One of the following Cortex XSOAR setups:
  • An IoT Security Third-party Integration Add-on license that includes a cohosted, limited-featured Cortex XSOAR instance
    AND
    A Cortex XSOAR Engine (on-premises integration)
  • A full-featured Cortex XSOAR server
Through the IoT Security integration with Extreme Networks ExtremeCloud IQ Site Engine, you can send a request to ExtremeCloud IQ Site Engine to quarantine devices or to remove devices from quarantine.

Put a Device in Quarantine Using ExtremeCloud IQ Site Engine

If you want to quarantine a device through ExtremeCloud IQ Site Engine because you saw an alert that concerns you, use the quarantine option on the AlertsSecurity AlertsAll Alerts page. You can also do this in the Actions menu in the Alerts section on a device details page.
  1. Select an alert on AlertsSecurity AlertsAll Alerts in the IoT Security portal.
    You can only select one device at a time to quarantine.
  2. Click MoreSend to…Quarantine via ExtremeCloud IQ.
  3. Add a comment.
    After you enter a comment, the Send button changes from gray to blue, indicating that you can proceed.
  4. Send the quarantine request.
    IoT Security sends a command through Cortex XSOAR to all configured ExtremeCloud IQ Site Engine instances to add the device to the quarantine end-system group. The instance or instances that have an end-system with a matching MAC address apply the quarantine. The device remains in quarantine while you investigate the cause of the alert. Once it's resolved, you can then use the Release via ExtremeCloud IQ option.
    After you click Send, a link appears. When you click it, a new browser window opens to the Cortex XSOAR work plan for this action.
    To confirm that the quarantine command was sent, click the link to the Cortex XSOAR work plan for this action.
    For the link in IoT Security to open the corresponding work plan in Cortex XSOAR, you must already be logged in to your cloud Cortex XSOAR instance before clicking on the link.
    If you have an on-premises Cortex XSOAR, you need to search the incidents on your Cortex XSOAR to find the work plan.
    Follow the path through the work plan to see if the action completed successfully, or to triage where the action may have failed.

Release a Device from Quarantine Using ExtremeCloud IQ Site Engine

Releasing a device from quarantine is the same procedure as putting it in quarantine, except that you select MoreSend to…Release via ExtremeCloud IQ on the AlertsSecurity AlertsAll Alerts page. This option is also available in the Actions menu in the Alerts section on a device details page.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.