This article describes how to run isolation actions on an endpoint, identified by IP address or hostname, from the Palo Alto Networks Cortex™ XSOAR command line interface.
Base command
Description | Command |
Runs process, desktop, and network isolation on the endpoint | malwarebytes-isolate-endpoint |
Runs process isolation on the endpoint | malwarebytes-isolate-process |
Runs desktop isolation on the endpoint | malwarebytes-isolate-desktop |
Runs network isolation on the endpoint | malwarebytes-isolate-network |
Removes isolation from the endpoint | malwarebytes-deisolate-endpoint |
Input
Argument name | Description | Required |
hostname | The hostname of an endpoint in Nebula. | Optional |
ip | The IP address of an endpoint in Nebula. | Optional |
Context Output
Path | Type | Description |
Malwarebytes.Scan.Machine_ID | string | The endpoint ID of the host. |
Malwarebytes.Scan.Job_ID | string | The job ID of the scanned host. |
Command examples
!malwarebytes-isolate-endpoint hostname=DESKTOP-LI4MQ7B
!malwarebytes-isolate-process hostname=DESKTOP-LI4MQ7B
!malwarebytes-isolate-desktop hostname=DESKTOP-LI4MQ7B
!malwarebytes-isolate-network hostname=DESKTOP-LI4MQ7B
!malwarebytes-deisolate-endpoint hostname=DESKTOP-LI4MQ7B