Skip to main content

AQUILA - Host Isolation

Overview

Host Isolation Exception allows isolated endpoints to maintain connectivity to specific IP addresses while remaining isolated from the rest of the network. This feature is useful when you need to isolate potentially compromised hosts for security purposes while still allowing them to communicate with specific trusted resources.

Prerequisites

  • Administrator permissions
  • Access to the Control Panel section

Option 1: Endpoint Detection and Response (EDR) - Endpoints

1. Navigate to Endpoint Sub-module in Endpoint Detection and Response (EDR)

  • Step 1: Log in to CyTech - AQUILA. click here --> usdc.cytechint.io
  • Step 2: In the left column click Cyber Monitoring -> Endpoint Detection and Response (EDR) -> Dashboard

Frame 1.pngFrame 1 (4).png

2. Access the Endpoint Section

  • By pressing the eye icon, it will transfer the user to the Endpoint Section where it shows system details, alert rules, alerts, and events.

Frame 1 (1).pngFrame 1 (3).png

3. Isolate Host

  • By Pressing the Respond button, it will show Isolate host where the user can isolate their endpoint or a specific workstation.

Frame 1 (2).png

4. Isolate Endpoint

  • In this section, the user can disable their endpoint and provide a reason for the isolation.

Frame 1 (1).png

Option 2: Endpoint Detection and Response (EDR) - Control Panel

1. Navigate to Endpoint Management

image.pngFrame 1 (5).png

  1. From the AQUILA main dashboard, locate the left sidebar menu
  2. Under the DOMAINS section, click on Cyber Monitoring
  3. Select Endpoint Detection and Response (EDR)
  4. Click on Control Panel

This will open the endpoint management interface.

2. Access the Manage Endpoints Section

image.png

  1. In the Control Panel, click on Manage Endpoints from the Policy Settings menu.

    image.png

  2. You'll see a table displaying all registered endpoints with the following information:
    • Operating System
    • Status (healthy, unhealthy, offline, isolated)
    • Date Added
    • Available Actions
3. Isolate an Endpoint

image.png

If you need to isolate an endpoint first:

  1. Locate the target endpoint in the list
  2. Click the Isolate Host button in the Action column
  3. In the "Isolate Endpoint" dialog box:

    image.png

  4. Click the Confirm button to proceed
  5. The endpoint status will change to Isolated

    image.png

Note: Once isolated, the endpoint will be disconnected from the network and unable to access external resources except those specified in the Host Isolation Exception list.

image.png

Testing connection status:

image.png

image.png  image.png

4. Verify Isolation Status

After isolation, you can verify the endpoint's network status:

  1. Open Command Prompt on the isolated endpoint
  2. Test connectivity by pinging a public IP address:
  3. You should see General failure messages, confirming the host is isolated
  4. The ping statistics should show 100% loss

    image.png

    Back to top