

Isolate a Red Cloak™ Endpoint

endpoints host isolation


Note

Host isolation is available for Windows hosts that have the Red Cloak™ Endpoint Agent installed with the Hostel module enabled, which is the default for agent version 2.0.6.0 and higher (see Red Cloak™ Endpoint Agent Changelog for version updates).

Isolating an endpoint cuts it off from all network communication except to Taegis™ XDR, which prevents threats from spreading laterally from an infected host to healthy hosts. Once the threat has been removed from an isolated host, the host can be reintegrated and regains full network access.

Response actions such as isolating and restoring an endpoint are enabled via playbooks. For information on configuring playbooks to perform these actions, see Playbooks Templates and related Automations documentation.

Once playbooks have been configured, follow these steps to isolate or restore a host:

  1. From the Taegis™ XDR left-hand side navigation, select Endpoint Agents → Summary and choose an endpoint from the Endpoint Agents Summary table.
  2. Select the three-dot Actions icon from the Endpoint side drawer summary view, or the Actions menu from the Endpoint detailed view.
  3. From the Response Actions section, choose the action you configured via a relevant playbook.

Isolated hosts display a label next to the hostname in the side drawer summary view and the detailed view:

Isolation Status

Note

Disconnected Taegis™ Endpoint Agents display an Isolation Pending or Restore Pending label until they reconnect to XDR. For more information, see Taegis™ Endpoint Agent Technical Details.

See the History section from the endpoint detailed view for a history of isolate and restore actions for the endpoint.

Note

Legacy default actions such as Isolate Host and Restore Host have been replaced by automations that perform these actions. Ensure you have configured response action playbooks to perform these actions. For more information, see the following release note.

For more information, see Red Cloak™ Endpoint Agent Technical Details.