Issue
Is there a way to setup automation to decommission uncommunicative endpoints?
Environment
Red Canary - Automation
Resolution
You can use an automation trigger to execute a playbook for decommissioning an endpoint that has not checked in within the last 59 days or less. Below is an example of the fields you can use for a trigger.
From this you can set a playbook to decommission the endpoint. To receive an alert to approve the decommissioning for an endpoint, check the Require approval box and select the preferred method of notification.
**Note: Once a trigger and playbook are set up and enabled, automation will only work for endpoints that meet the criteria in the future. For endpoints that need to be decommissioned retroactively, you will need to decommission manually. See Decommissioning Endpoints.
For further guidance on the basics of automation:
Getting started with automation
Automate Trigger Condition Descriptions
Comments
0 comments
Please sign in to leave a comment.