Run Isolate Host

The Isolate Host command triggers the Security Operations Integration - Isolate Host or Endpoint workflow to restrict system connections to other devices.

Before you begin

Role required: sn_si.analyst

About this task

Note: If no implementations are available, capability actions are not displayed in product menus.

The Security Operations Integration - Isolate Host or Endpoint workflow can be triggered from the related list on a security incident.

Procedure

  1. Navigate to a security incident.
  2. Select Configuration Items from the Related List tab.
  3. Click Isolate Host in the Actions on selected rows... drop-down menu.
    Isolate Host
    The dialog box appears.
    Isolate Host dialog box
  4. Choose the implementation.
  5. Click Isolate Host.
    The workflow execution audit is displayed in the work notes section.
    Isolate Host work note example