Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15286
Views
10
Helpful
3
Replies

AMP Endpoint Isolation

Go to solution
soup_dragon
Level 1
Level 1

‎05-15-2020 08:13 AM

Been a user of AMP for sometime but installed and left to do its own thing for quite a while. Been focusing in recent weeks updating connectors and reviewing settings and came across a question couldn't find the answer to and thats how to Isolate a Computer. 

 

In the help text it states 

Starting an Endpoint Isolation Session

Isolating an endpoint blocks all network traffic except for communication to the AMP Cloud and any other IP addresses configured in your IP isolation allow list.

To start an Endpoint Isolation session:

1.
In the console, navigate to Management > Computers.
2.
Locate the computer you want to isolate and click to display details.
3.
Click the Start Isolation button.

The Connector UI will indicate that the endpoint is isolated.

 

I cannot see the Start Button to start isolation, anyone else have the same issue? 


Thanks

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎05-15-2020 08:53 AM

You need to be on Windows Connector version 7.0.5 or higher and have isolation enabled in your policy.  Then, you should see the Start Isolation button.

screenshot.png

Thanks,

Matt

View solution in original post

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎05-25-2020 04:56 AM

Hello @soup_dragon,

AMP for endpoints also includes automated actions, where you can automate the isolation based on generated IOCs.

Greetings,

Thorsten

 

Automated Action.png

 

View solution in original post

3 Replies 3

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎05-15-2020 08:53 AM

You need to be on Windows Connector version 7.0.5 or higher and have isolation enabled in your policy.  Then, you should see the Start Isolation button.

screenshot.png

Thanks,

Matt

Go to solution
soup_dragon
Level 1
Level 1
In response to Matthew Franks

‎05-15-2020 10:04 AM

Perfect, in fact I was missing the button but missed it needed to be setup in Policy, help text didn't mention that. Have now switched on for all active polices. Thanks for the quick response.

 

0 Helpful

Go to solution
Troja007
Cisco Employee
Cisco Employee

‎05-25-2020 04:56 AM

Hello @soup_dragon,

AMP for endpoints also includes automated actions, where you can automate the isolation based on generated IOCs.

Greetings,

Thorsten

 

Automated Action.png

 

Customers Also Viewed These Support Documents