Isolate in VMware Carbon Black EDR
  • 1 Minute To Read
  • Print
  • Share
  • Dark
    Light

Isolate in VMware Carbon Black EDR

  • Print
  • Share
  • Dark
    Light

The Isolate in VMware Carbon Black EDR action quarantines each of the query results entities (endpoints) from the network.
The VMware Carbon Black EDR (Carbon Black CB Response) network isolation functionality allows administrators to isolate endpoints that may be actively involved in an incident, while preserving access to perform Live Response on that endpoint and collect further endpoint telemetry.

The Unisolate in VMware Carbon Black EDR action restores full network connectivity to each of the query results entities (endpoints).

NOTE
To use the actions below, you must successfully configure a VMware Carbon Black EDR adapter connection.

Isolate in VMware Carbon Black EDR

To configure the Isolate in VMware Carbon Black EDR action, do as follows:

  1. From the Action Library, click Execute Endpoint Security Agent Action, and then click Isolate in VMware Carbon Black EDR.
  2. Define a unique action name.
  3. If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.
  4. Save the action.

Unisolate in Carbon Black CB Response

To configure the Unisolate in VMware Carbon Black EDR action, do as follows:

  1. From the Action Library, click Execute Endpoint Security Agent Action, and then click Unisolate in VMware Carbon Black EDR.
  2. Define a unique action name.
  3. If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.
  4. Save the action.



For more details on other available Enforcement Actions available, see Action Library.
For more details on Enforcement Set configuration, see Enforcement Set configuration.

Was This Article Helpful?