Certain critical incidents warrant isolation of multiple endpoints and sometimes an entire network. In the rare situation where an entire network needs to be isolated, the Huntress Security Operations Center (SOC) will send you an Escalation and one or more incident reports, and will provide you with as much investigative information as possible to help you respond, remediate, and recover.
Account Admins can also isolate an entire network from the Organizations page directly if needed. After all incident response (IR) actions have been taken by your team or an outside IR firm, the Huntress Portal enables Account Admins to release their endpoints from isolation in bulk, which means you won't have to release each endpoint one by one from each agent overview page.
Submitting multiple bulk isolate and bulk release actions back to back may return a temporary error, which exists to prevent race conditions in host tasking. Once a job is scheduled, it needs to be processed before another bulk isolate/release job can be executed.
Directions for Bulk Isolation and Bulk Host Release are the same.
1. Click on the Actions button and select "Isolate All Hosts" or "Release All Hosts"
2. Click through the confirmation modal, providing a reason for the network isolation or release. This modal will also highlight any hosts in the organization that may be excluded from isolation when isolating.
3. Once confirmed, the Huntress Portal will task all hosts in the organization for isolation or release.
Multi-Org Host Isolation
1. Navigate to the Organizations tab in the Huntress Dashboard.
2. Select the Organizations on which you would like to bulk isolate all hosts.
3. Select the Isolate Host button.
4. Select the Isolate Host button to confirm the isolation process. Please feel free to add a note for auditing purposes, and verify the number of Organizations and Hosts that will be isolated.