Skip to main content

Endpoint actions in OneView

Updated: 

OneView's Endpoints page allows you to perform actions on multiple endpoints across multiple sites. To display endpoint details, click an endpoint's name in the endpoint column.

Follow the steps below to initiate an action on an endpoint:

  1. In the left navigation pane, click Manage > Endpoints.
  2. Filter your endpoints that you want to perform an action on. For information on ways to filter your endpoints, see Filter endpoints in OneView.
  3. In the Endpoint column, check the boxes next to endpoints or endpoint groups that you want to perform an action on. You can select all of the endpoints if you check the box in the upper-left part of the table.
  4. Click the ellipsis icon Capture.PNG to display all available commands. Choose one of the following:
    • Scans
      • Scan + Report: Checks protection updates and runs a Threat Scan to report the results. Any detected threats are not removed.
      • Scan + Quarantine: Checks for protection updates and runs a Threat Scan. Any detected threats are quarantined and scan results are reported.
      • Refresh Assets: Updates hardware asset information and checks for software vulnerabilities software asset information for the selected endpoints.
      • Custom Scan:  Tells the endpoint to check for protection updates, then run a Threat Scan using the options selected in the window. For more information on each setting, see Types of scans in OneView.
        • The customizable options are for Windows only. If endpoints of other operating systems are selected, a Threat Scan will run and quarantine detected threats.
    • Agent updates
      • Update Agent: Tells the endpoint to install the latest endpoint software. A restart may be needed to complete the installation. IMPORTANT: Reboots are handled as configured via your policy Reboot Options.
      • Check for Agent Updates: Performs an immediate check for Software Updates. If an update is available, a status indicator displays and an Update Agent action must be issued to initiate the update. 
      • Check for Protection Updates: Checks for protection updates. While scans also do this, selecting this action makes sure that Real-time Protection uses the most recent updates.
    • Restart Endpoint(s): Performs a system restart of the selected endpoint(s). 
      • Allow users to postpone: Enables a popup on endpoints that allows users to postpone a reboot by preset times of 10, 30, or 60 minutes. Users can also click the X in the top-right corner to dismiss the pop-up and honor the reboot timer displayed in the window. Reminders to postpone the reboot appear 10 minutes before and once the time elapses. If the reboot is not postponed, the endpoint automatically reboots 1 minute after the time elapses. Reboot postponements are displayed on the Events screen as an Audit event.
    • Remediate Endpoint(s): Remediates found threats on an endpoint. A restart may be needed to complete remediation.
    • Generate Diagnostic Logs: Tells the online endpoint to send diagnostic logs to Nebula. When the task completes, the Diagnostic Logs Available icon 2021-01-04_11-36-33.png displays on the Endpoint Details page in the top-right corner. Hover your cursor over this icon for the option to download the logs.
    • Launch Active Response Shell: Launches the Active Response Shell remote session on Windows and Linux endpoints. Windows ARM devices are not supported. For more information, see Active Response Shell in OneView.
    • Isolate Endpoint(s): Isolates the endpoint from the network to prevent an active threat from spreading. The console continues to communicate with the endpoint.
    • Remove Isolation: Restores access to the endpoint if it is isolated.
    • Reassign Endpoint(s): Moves the selected endpoints to the Default Group of a different site in your console. The selected endpoints will be reassigned the next time they sync with OneView. Use this if an endpoint was accidentally installed to the wrong site.
      Note: Endpoint aliases are not transferred between sites. Aliases will need to be re-added once the endpoints are on the new site. 
    • Cancel Pending Tasks: Cancel a task if it is in the Pending status. This does not work on tasks that are Processing or Complete. Use this if you issued a task by mistake or changed your mind. The window of time to cancel a pending task on an endpoint with an active websocket connection is small because the task quickly changes from Pending to Processing
    • Move Group: Move selected endpoints from the same site to another group.
    • Delete Endpoint(s): Deletes selected endpoints from the OneView console.
    • Exports
      • Download .csv: Downloads a .csv file of the selected endpoints information. 
      • Download .xlsv: Downloads a .xlsv file of the selected endpoints information. 
        • If the data size is too large to download, an email will be sent instead with a link to download the export.
  5. Check the Tasks tab for the status of the initiated action. The following list shows all the possible statuses:
    • Pending: The endpoint is waiting to receive an action. Pending tasks can be canceled with the Cancel Pending Tasks button.
    • Created: The task is created.
    • Processing: The action is in progress.
    • Success: The action is successful.
    • Expired: The endpoint did not receive the action after 3 days pending.
    • Failed: The action has failed. This may occur if you sent a repeat command to an endpoint while the same command is Pending. For more information, see Tasks page in OneView.

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more