- 15 Feb 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
CrowdStrike Falcon - Isolate and Unisolate Assets
- Updated on 15 Feb 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
CrowdStrike Falcon - Isolate quarantines each of the assets (endpoints) retreived from the saved query supplied as a trigger (or devices that have been selected in the asset table), from the network.
CrowdStrike Falcon -Unisolate restores full network connectivity to each of the assets (endpoints) retreived from the saved query supplied as a trigger.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
General Settings
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Isolate in CrowdStrike Falcon
These fields refer to CrowdStrike Falcon - Isolate.
Required Fields
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Required Permissions
See CrowdStrike Falcon adapter - Required Permissions.
Unisolate in CrowdStrike Falcon
These fields refer to CrowdStrike Falcon - Unisolate.
Required Fields
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Required Permissions
See CrowdStrike Falcon adapter - Required Permissions.
For more details about other Enforcement Actions available, see Action Library.