Quarantine potentially infected Harmony Endpoint device (enforced by Gateway)
The automation blocks outgoing traffic from devices with potential threat such as malware or virus, detected by Harmony Endpoint, to prevent lateral movement or communication with C&C (Command and Control).
Supported Product
- Check Point Security Management Server (Quantum)
Harmony Endpoint
Parameters
|
IP quarantine duration (if admin's approval is required) |
Set the expiration period for the automation. This applies only if you have selected the Admin's approval is required for quarantining device IP checkbox. After the expiration, Infinity Playblocks sends the notification for the Administrator's approval. |
|
IP quarantine duration (automatic prevention) |
Set the expiration period for the automations that are executed automatically (without the Administrator's approval). The default duration is 1 day. |
|
Admin's approval is required for quarantining device IP |
Select the checkbox if you want Administrator's approval to execute the automation. Check Point recommends that you leave Admin's approval is required for quarantining device IP checkbox unselected. |
|
Open ticket if device IP was quarantined |
Select the checkbox if you want to open a ticket when device IP was quarantined. |
Trigger
Matching quarantine potentially infected Endpoint device.
To view the example of this log, click Run.
Flow
