Link Search Menu Expand Document

Quarantine Endpoint

Workflow #0027

Response Workflow

This workflow quarantines an endpoint in Cisco Identity Services Engine (ISE) by applying an Adaptive Network Control (ANC) policy. Supported observable: mac_address

GitHub


Change Log

Date Notes
May 26, 2021 - Initial release
Sep 10, 2021 - Updated to use the new system atomics

See the Important Notes page for more information about updating workflows


Requirements

  • The following system atomics are used by this workflow:
    • ISE - ERS - ANC Policy - Apply to Endpoint
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Identity Services Engine (ISE)

Workflow Steps

  1. Make sure the observable type provided is supported
  2. Apply the ANC policy to the endpoint

Configuration

  • Set the ANC Policy Name local variable to the name of the ANC policy to apply
  • If you want to change the name of this workflow in the pivot menu, change its display name

Targets

Note: If your Cisco ISE deployment is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use ISE with orchestration.

Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Cisco ISE ERS HTTP Endpoint Protocol: HTTPS
Host: ISE Primary Admin Node
Port: 9060
Path: None
ISE_ERS_Credentials  

Account Keys

Account Key Name Type Details Notes
ISE_ERS_Credentials HTTP Basic Authentication Username: ISE Username
Password: ISE Password
Must have ERS Admin permission