Isolate and Unisolate in VMware Carbon Black EDR
  • 07 Feb 2022
  • 1 Minute to read
  • Dark
    Light
  • PDF

Isolate and Unisolate in VMware Carbon Black EDR

  • Dark
    Light
  • PDF

The Isolate in VMware Carbon Black EDR action quarantines each of the query results entities (endpoints) from the network.
The VMware Carbon Black EDR (Carbon Black CB Response) network isolation functionality allows administrators to isolate endpoints that may be actively involved in an incident, while preserving access to perform Live Response on that endpoint and collect further endpoint telemetry.

The Unisolate in VMware Carbon Black EDR action restores full network connectivity to each of the query results entities (endpoints).

NOTE
To use the actions below, you must successfully configure a VMware Carbon Black EDR adapter connection.

Isolate in VMware Carbon Black EDR

To configure the Isolate in VMware Carbon Black EDR action, do as follows:

  1. From the Action Library, click Execute Endpoint Security Agent Action, and then click Isolate in VMware Carbon Black EDR.
  2. Define a unique action name.
  3. If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.
  4. Save the action.

Unisolate in Carbon Black CB Response

To configure the Unisolate in VMware Carbon Black EDR action, do as follows:

  1. From the Action Library, click Execute Endpoint Security Agent Action, and then click Unisolate in VMware Carbon Black EDR.
  2. Define a unique action name.
  3. If you are using multi-nodes, choose the Axonius node to use to interact with the adapter when executing the enforcement action.
  4. Save the action.

To learn more about configuring Enforcement Sets, see Configuring Enforcement Sets.


First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.