Isolate potentially infected CrowdStrike device (enforced by Endpoint)
This automation isolates CrowdStrike devices on which CrowdStrike has detected a high-severity infection, such as malware or a virus, to prevent the threat from spreading inside the organization. Automation parameters can be configured, such as the isolation duration and whether the isolation is automatic or requires an administrator's approval.
Supported Product
CrowdStrike for Endpoint
Parameters
Parameter | Description
--- | ---
Device isolation duration (if admin's approval is required) | Sets the expiration period for the automation. This applies only if you have selected the Admin's approval is required for device isolation checkbox. When this period expires, Infinity Playblocks sends the notification requesting the administrator's approval.
Device isolation duration (automatic prevention) | Sets the expiration period for automations that are executed automatically (without the administrator's approval). The default duration is 1 day.
Admin's approval is required for device isolation | Select this checkbox if you want the administrator's approval before the automation is executed. Check Point recommends that you leave the Admin's approval is required for device isolation checkbox unselected.
Open ticket if device was isolated | Select this checkbox if you want a ticket to be opened when the device IP was quarantined.
Trigger
Infected CrowdStrike device.
Flow