This article describes how to initiate an Isolation action on an endpoint based on IP address or hostname using Palo Alto Networks Cortex™ XSOAR command line interface. This action isolates an endpoint by process, network and desktop.
Base command
malwarebytes-isolate-endpoint
Input
| Argument name | Description | Required |
| hostname | The hostname of an endpoint in Nebula. | Optional |
| ip | The IP address of an endpoint in Nebula. | Optional |
Context Output
| Path | Type | Description |
| Malwarebytes.Scan.Machine_ID | string | The endpoint ID of the host. |
| Malwarebytes.Scan.Job_ID | string | The job ID of the scanned host. |
Command example
!malwarebytes-isolate-endpoint hostname=DESKTOP-LI4MQ7B
Context example
{
"Malwarebytes.Scan": {
"Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
"Job_ID": "07f3b5b9-03ad-4fc9-8264-2ed79bb0cc48"
}
}
Human readable output
Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 07f3b5b9-03ad-4fc9-8264-2ed79bb0cc48. Use job_id in malwarebytes-get-job-status command to view results
Return to the table of contents.