Isolate an Endpoint
In the event that an endpoint is compromised, you can immediately isolate it to reduce an attacker’s mobility.
When you isolate an endpoint, you halt all network access on the endpoint except for traffic to Cortex XDR. This can prevent a compromised endpoint from communicating with other endpoints, thereby reducing an attacker’s mobility on your network. After the Cortex XDR agent receives the instruction to isolate the endpoint and carries out the action, the Cortex XDR console shows an Isolated check-in status. To ensure an endpoint remains in isolation, agent upgrades are not available for isolated endpoints.
Network isolation is supported for endpoints that meet the following requirements:
Network isolation on Mac endpoints does not terminate active connections that were initiated before the Cortex XDR agent was installed on the endpoint.
- From Cortex XDR, initiate an action to isolate an endpoint. Go to Response > Action Center > + New Action and select Isolate. You can also initiate the action (for one or more endpoints) from the Isolation page of the Action Center or from Endpoints > Endpoint Management > Endpoint Administration.
- Enter a Comment to provide additional background or other information that explains why you isolated the endpoint. After you isolate an endpoint, Cortex XDR will display the Isolation Comment on the Action Center > Isolation page. If needed, you can edit the comment from the right-click pivot menu.
- Select the target endpoint that you want to isolate from your network.
- Review the action summary and click Done when finished. In the next heartbeat, the agent will receive the isolation request from Cortex XDR.
- To track the status of an isolation action, select Response > Action Center > Isolation. If, after initiating an isolation action, you want to cancel it, right-click the action and select Cancel for pending endpoint. You can cancel the isolation action only if the endpoint is still in Pending status and has not been isolated yet.
- After you remediate the endpoint, cancel endpoint isolation to resume normal communication. You can cancel isolation from the Action Center (Isolation page) or from Endpoints > Endpoint Management > Endpoint Administration. From either place, right-click the endpoint and select Endpoint Control > Cancel Endpoint Isolation.