11-22-2023 01:30 AM
During an automated isolation response from secure client, will the Isolated device still be reachable from the Secure client dashboard, and will the device communicate using DNS and be protected by Umbrella?
11-22-2023 01:58 PM
12-12-2023 01:44 PM
Yes, this is doable..
From the Cisco documentation:
https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf
IP Isolation Allow Lists An IP isolation allow list lets you specify IP addresses that the Secure Endpoint Windows and Mac connectors will not block when an endpoint is isolated. This allows the endpoint to communicate with trusted locations within your network for further investigation during an active Endpoint Isolation session. You can add up to 200 IPV4 addresses to this list. IP isolation allow lists do not support port numbers. IMPORTANT! By default, all Secure Endpoint Cloud addresses are included in the allow list so the connector can receive policy updates, perform cloud lookups, and update the isolation status.
You will just need to add the Umbrella IPs in the exceptions list.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide