UnQuarantine Endpoint
Workflow #0028
Response Workflow
This workflow removes an endpoint from quarantine in Cisco Identity Services Engine (ISE) by clearing its ANC Policy assignments. Supported observables: mac_address
, ip
Change Log
Date | Notes |
---|---|
May 26, 2021 | - Initial release |
Sep 10, 2021 | - Updated to use the new system atomics |
Sep 1, 2022 | - Updated to support IP addresses in addition to MAC addresses |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- ISE - ERS - ANC Policy - Clear from Endpoint
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
- Cisco Identity Services Engine (ISE)
Workflow Steps
- Make sure the observable type provided is supported
- Clear the ANC policies from the endpoint depending on which type of observable was provided
Configuration
- If you want to change the name of this workflow in the pivot menu, change its display name
Targets
Note: If your Cisco ISE deployment is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use ISE with orchestration.
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Cisco ISE ERS | HTTP Endpoint | Protocol: HTTPS Host: ISE Primary Admin Node Port: 9060 Path: None | ISE_ERS_Credentials |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
ISE_ERS_Credentials | HTTP Basic Authentication | Username: ISE Username Password: ISE Password | Must have ERS Admin permission |