Link Search Menu Expand Document

UnQuarantine Endpoint

Workflow #0028

Response Workflow

This workflow removes an endpoint from quarantine in Cisco Identity Services Engine (ISE) by clearing its ANC Policy assignments. Supported observable: mac_address


Change Log

Date Notes
May 26, 2021 - Initial release
Sep 10, 2021 - Updated to use the new system atomics

See the Important Notes page for more information about updating workflows


  • The following system atomics are used by this workflow:
    • ISE - ERS - ANC Policy - Clear from Endpoint
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Identity Services Engine (ISE)

Workflow Steps

  1. Make sure the observable type provided is supported
  2. Clear the ANC policies from the endpoint


  • If you want to change the name of this workflow in the pivot menu, change its display name


Note: If your Cisco ISE deployment is on-premises and not accessible from the internet, you will need a SecureX orchestration remote to use ISE with orchestration.

Target Group: Default TargetGroup

Target Name Type Details Account Keys Notes
Cisco ISE ERS HTTP Endpoint Protocol: HTTPS
Host: ISE Primary Admin Node
Port: 9060
Path: None

Account Keys

Account Key Name Type Details Notes
ISE_ERS_Credentials HTTP Basic Authentication Username: ISE Username
Password: ISE Password
Must have ERS Admin permission