Quarantine Endpoint
Workflow #0027
Response Workflow
This workflow quarantines an endpoint in Cisco Identity Services Engine (ISE) by applying an Adaptive Network Control (ANC) policy.
Requirements
- The following atomic actions must be imported before you can import this workflow:
- ISE - ERS - ANC Policy - Apply to Endpoint (CiscoSecurity_Atomics)
- The targets and account keys listed below
Workflow Steps
- Make sure the observable type provided is supported
- Apply the ANC policy to the endpoint
Configuration
- Set the
ANC Policy Namelocal variable to the name of the ANC policy to apply - If you want to change the name of this workflow in the pivot menu, change its display name
Targets
Note: If your Cisco ISE deployment is on-premise, you will need a SecureX orchestration remote to use ISE with orchestration.
Target Group: Default TargetGroup
| Target Name | Type | Details | Account Keys | Notes |
|---|---|---|---|---|
| Cisco ISE ERS | HTTP Endpoint | Protocol: HTTPSHost: ISE Primary Admin NodePort: 9060Path: None | ISE_ERS_Credentials |
Account Keys
| Account Key Name | Type | Details | Notes |
|---|---|---|---|
| ISE_ERS_Credentials | HTTP Basic Authentication | Username: ISE Username Password: ISE Password | Must have ERS Admin permission |