- 07 Feb 2022
- 1 Minute to read
-
Print
-
DarkLight
-
PDF
Isolate and Unisolate in VMware Carbon Black EDR
- Updated on 07 Feb 2022
- 1 Minute to read
-
Print
-
DarkLight
-
PDF
The Isolate in VMware Carbon Black EDR action quarantines each of the query results entities (endpoints) from the network.
The VMware Carbon Black EDR (Carbon Black CB Response) network isolation functionality allows administrators to isolate endpoints that may be actively involved in an incident, while preserving access to perform Live Response on that endpoint and collect further endpoint telemetry.
The Unisolate in VMware Carbon Black EDR action restores full network connectivity to each of the query results entities (endpoints).
Isolate in VMware Carbon Black EDR
To configure the Isolate in VMware Carbon Black EDR action, do as follows:
- From the Action Library, click Execute Endpoint Security Agent Action, and then click Isolate in VMware Carbon Black EDR.
- Define a unique action name.
- If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.
- Save the action.
Unisolate in Carbon Black CB Response
To configure the Unisolate in VMware Carbon Black EDR action, do as follows:
- From the Action Library, click Execute Endpoint Security Agent Action, and then click Unisolate in VMware Carbon Black EDR.
- Define a unique action name.
- If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.
- Save the action.
To learn more about configuring Enforcement Sets, see Configuring Enforcement Sets.