CrowdStrike Falcon - Isolate and Unisolate Assets
  • 15 Feb 2024

CrowdStrike Falcon - Isolate quarantines from the network each of the assets (endpoints) retrieved from the saved query supplied as a trigger (or devices that have been selected in the asset table).

CrowdStrike Falcon - Unisolate restores full network connectivity to each of the assets (endpoints) retrieved from the saved query supplied as a trigger.

NOTE
To use the actions below, you must successfully configure a CrowdStrike Falcon adapter connection.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

Note:

General Settings

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Isolate in CrowdStrike Falcon

These fields refer to CrowdStrike Falcon - Isolate.

Required Fields

Required Permissions

See CrowdStrike Falcon adapter - Required Permissions.

Unisolate in CrowdStrike Falcon

These fields refer to CrowdStrike Falcon - Unisolate.

Required Fields

Required Permissions

See CrowdStrike Falcon adapter - Required Permissions.


For more details about other Enforcement Actions available, see Action Library.

