Quarantine Endpoint
Workflow #0027
Response Workflow
This workflow quarantines an endpoint in Cisco Identity Services Engine (ISE) by applying an Adaptive Network Control (ANC) policy. Supported observable: mac_address
Change Log
| Date | Notes |
|---|---|
| May 26, 2021 | - Initial release |
| Sep 10, 2021 | - Updated to use the new system atomics |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- ISE - ERS - ANC Policy - Apply to Endpoint
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
- Cisco Identity Services Engine (ISE)
Workflow Steps
- Make sure the observable type provided is supported
- Apply the ANC policy to the endpoint
Configuration
- Set the
ANC Policy Namelocal variable to the name of the ANC policy to apply - If you want to change the name of this workflow in the pivot menu, change its display name
Targets
Note: If your Cisco ISE deployment is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use ISE with orchestration.
Target Group: Default TargetGroup
| Target Name | Type | Details | Account Keys | Notes |
|---|---|---|---|---|
| Cisco ISE ERS | HTTP Endpoint | Protocol: HTTPSHost: ISE Primary Admin NodePort: 9060Path: None | ISE_ERS_Credentials |
Account Keys
| Account Key Name | Type | Details | Notes |
|---|---|---|---|
| ISE_ERS_Credentials | HTTP Basic Authentication | Username: ISE Username Password: ISE Password | Must have ERS Admin permission |