Demonstrates isolation of a Symantec Endpoint (SEP) Client using Threat Response Lists
The Client Isolation Script uses hosts added to a Threat Response list as the trigger for moving a SEP Client into a Quarantine group. All methods and APIs used in the script are publicly available. I will not cover the specifics of each API, only the information required from each application.
Threat Response
Hosts that require isolation can be automatically added to a Threat Response list using a match condition or as a manual response by a Security Analyst.
Endpoint Protection
The Endpoint Protection API allows retrieval of a system's hardwareKey, which is required for the subsequent move-computer API call.
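The flow described above (a list entry as the trigger, a hardwareKey lookup, then a move into the Quarantine group), as an added Python example that is not the author's script. The SEPM base URL, the group id, the token handling, and the /computers endpoint paths and JSON shapes are assumptions about the SEPM REST API, and the hostnames are constructed sample input standing in for a Threat Response list.

```python
"""Isolate SEP clients named in a Threat Response list by moving them to a Quarantine group."""

SEPM_BASE = "https://sepm.example.internal:8446/sepm/api/v1"  # assumed SEPM host (placeholder)
QUARANTINE_GROUP_ID = "QUARANTINE_GROUP_ID_PLACEHOLDER"  # in practice read from SEPM

# Constructed sample: hostnames added to the Threat Response list (note the duplicate
# and a host SEPM does not know about, both of which the script has to cope with).
THREAT_RESPONSE_LIST = ["WKSTN-0421", "LAPTOP-7A", "WKSTN-0421", "GHOST-HOST"]


class SepmClient:
    """Thin wrapper over the SEPM REST API. Paths and JSON field names are
    assumptions about the public API, not taken from the post."""

    def __init__(self, token, session=None, base=SEPM_BASE):
        if session is None:
            import requests  # only needed against a real SEPM; tests inject a fake
            session = requests.Session()
        self.base, self.session = base, session
        self.headers = {"Authorization": f"Bearer {token}"}

    def lookup_clients(self, hostname):
        """Return (hardwareKey, groupId) for every client record matching hostname."""
        r = self.session.get(f"{self.base}/computers", headers=self.headers,
                             params={"computerName": hostname})
        r.raise_for_status()
        return [(c["hardwareKey"], c["group"]["id"]) for c in r.json().get("content", [])]

    def move_to_group(self, hardware_keys, group_id):
        """Batch-move the given clients (by hardwareKey) into group_id."""
        body = [{"group": {"id": group_id}, "hardwareKey": hk} for hk in hardware_keys]
        r = self.session.patch(f"{self.base}/computers", headers=self.headers, json=body)
        r.raise_for_status()


def isolate_hosts(client, hostnames, quarantine_group_id=QUARANTINE_GROUP_ID):
    """Move every listed host into the Quarantine group. Returns a per-host outcome:
    'isolated', 'already_isolated' (idempotent re-run) or 'not_found' (stale entry)."""
    outcome, to_move = {}, []
    for name in dict.fromkeys(hostnames):  # de-duplicate while keeping list order
        matches = client.lookup_clients(name)
        if not matches:
            outcome[name] = "not_found"
            continue
        pending = [hk for hk, gid in matches if gid != quarantine_group_id]
        outcome[name] = "isolated" if pending else "already_isolated"
        to_move.extend(pending)
    if to_move:
        client.move_to_group(to_move, quarantine_group_id)  # one move call for the batch
    return outcome
```

The outcome dict is what an analyst would want written back to the Threat Response incident, so a host that is "not_found" can be chased up manually instead of silently staying un-isolated.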
Basic Requirements:
Link to the script