Note: By default, the network isolation option is disabled in the policy, and you cannot view options mentioned in this section. To enable network isolation, in the policy configuration, select Enabled in the Network Isolation option under Response Action Settings. For more information, see the NetWitness Endpoint Configuration Guide.
To isolate a host from the network:
-
Go to Hosts and do one of the following:
-
In the Isolate from Network dialog, by default, a set of IP addresses are excluded from isolation. For more information, see Network Isolation. To add IP addresses to the list, select the Add your IPs to Exclusion List checkbox. You can enter up to 100 IP addresses separated by comma.
-
Enter comments.
-
Click Isolate Host.
Edit Exclusion List
To edit the exclusion list:
-
Go to Hosts and do one of the following:
-
Add or modify the IP addresses in the list.
-
Enter comments and click Save.
Release Isolated Hosts
Releasing the isolated host restores the network connection and removes IP addresses added to the Exclusion list. To release the host from isolation:
-
Go to Hosts and do one of the following:
- Enter comments and click Release Host.