Beginner

AMP Endpoint Isolation

Been a user of AMP for some time but installed and left to do its own thing for quite a while. Been focusing in recent weeks on updating connectors and reviewing settings and came across a question I couldn't find the answer to, and that's how to isolate a computer.

 

In the help text it states 

Starting an Endpoint Isolation Session

Isolating an endpoint blocks all network traffic except for communication to the AMP Cloud and any other IP addresses configured in your IP isolation allow list.

To start an Endpoint Isolation session:

1. In the console, navigate to Management > Computers.
2. Locate the computer you want to isolate and click to display details.
3. Click the Start Isolation button.

The Connector UI will indicate that the endpoint is isolated.

 

I cannot see the Start Button to start isolation, anyone else have the same issue? 


Thanks


Accepted Solutions
Cisco Employee

Re: AMP Endpoint Isolation

You need to be on Windows Connector version 7.0.5 or higher and have isolation enabled in your policy.  Then, you should see the Start Isolation button.


Thanks,

Matt

Cisco Employee

Re: AMP Endpoint Isolation

Hello @soup_dragon,

AMP for endpoints also includes automated actions, where you can automate the isolation based on generated IOCs.

Greetings,

Thorsten

 


Beginner

Re: AMP Endpoint Isolation

Perfect, in fact I was missing the button but missed it needed to be set up in Policy, help text didn't mention that. Have now switched on for all active policies. Thanks for the quick response.

 
