Unisolate Endpoint - Generic
This playbook unisolates endpoints according to the endpoint ID or host name provided in the playbook. It currently supports the following integrations: - Carbon Black Response - Cortex XDR - Crowdstrike Falcon - FireEye HX - Cybereason - Microsoft Defender For Endpoint.
Common Playbooks · 8 tasks · 3 inputs · 6 outputs
Inputs
Endpoint_ID— The endpoint ID/device ID/sensor ID/agent ID that you want to unisolate.Hostname— The host name of the endpoint to unisolate (using Cybereason or FireEyeHX).IP— IP address of the endpoint to unisolate. (using Defender or XDR)
Outputs
MicrosoftATP.MachineAction.ID— The machine action ID.MicrosoftATP.NonUnisolateList— The machine IDs that will not be released from isolation.MicrosoftATP.UnisolateList— The machine IDs that were released from isolation.MicrosoftATP.IncorrectIDs— Incorrect device IDs entered.MicrosoftATP.IncorrectHostnames— Incorrect device host names entered.MicrosoftATP.IncorrectIPs— Incorrect device IPs entered.