Issue
Is there a way to setup automation to decommission uncommunicative endpoints?
Environment
Red Canary - Automation
Resolution
You can use an automation trigger to execute a playbook for decommissioning an endpoint that has not checked in within the last 59 days or less. Below is an example of the fields you can use for a trigger. 
From this you can set a playbook to decommission the endpoint. To receive an alert to approve the decommissioning for an endpoint, check the require approval box and select the preferred method of notification.
**Note: Automation will only work for endpoints that meet the criteria going forward once a trigger and playbook are setup and enabled. For endpoints that need to be decommissioned retroactively, you will need to decommission manually. See Decommissioning Endpoints.
For further guidance on the basics of automation:
Getting started with automation
Automate Trigger Condition Descriptions
Comments
0 comments
Please sign in to leave a comment.