AscendCore
Security Template: configurable per customer

Endpoint Isolation

Quarantine a suspected-compromised device from the network on explicit approval, with owner notification and a security-namespaced audit row.

Integrates with

Intune, CrowdStrike

The problem

When a device looks compromised, containing it quickly limits the blast radius. But network isolation is disruptive, so it needs a clear human decision and a record of who made the call.

What AscendCore does

An admin invokes isolation on the device from Slack or Teams. AscendCore proposes the action with device context, and on explicit approval isolates the endpoint and notifies the owner. The action is written to the security namespace of the audit chain.

Status

Template. Supported endpoint platforms and approver routing are configurable per customer. Connect it to your endpoint management to enable.

Runbook source preview

Versioned, deterministic, auditable

Every runbook is defined as a versioned YAML manifest with explicit triggers, steps, and approval policies. The runbook itself is the audit-ready record of what AscendCore can and will do. Chat is just the interface that triggers it.

name: endpoint-isolation
trigger:
  channels: [slack, teams]
  command: isolate-device
steps:
  - resolve_device
  - admin_approval
  - isolate_from_network
  - notify_owner
approval:
  required: true
  approvers: [it-admins, sec-team]
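
A pre-deployment lint for a manifest like the one above, added here as an example; it is not AscendCore's own code. It checks that the disruptive step sits behind the approval gate and is followed by owner notification. The manifest is embedded as an already-parsed dict, and the classification of step names is an assumption.

```python
# Added example: a pre-deployment lint for a runbook manifest.
# MANIFEST mirrors the YAML preview on this page, already parsed into a dict.
MANIFEST = {
    "name": "endpoint-isolation",
    "trigger": {"channels": ["slack", "teams"], "command": "isolate-device"},
    "steps": ["resolve_device", "admin_approval", "isolate_from_network", "notify_owner"],
    "approval": {"required": True, "approvers": ["it-admins", "sec-team"]},
}

# Assumptions (not from the page): which step names count as disruptive,
# which step is the approval gate, and which step notifies the owner.
DISRUPTIVE_STEPS = {"isolate_from_network"}
APPROVAL_STEP = "admin_approval"
NOTIFY_STEP = "notify_owner"


def lint_runbook(manifest):
    """Return a list of findings; an empty list means the manifest passes."""
    findings = []
    steps = manifest.get("steps") or []
    approval = manifest.get("approval") or {}

    # `required` must be the boolean True; a string such as "yes" is a config error.
    if approval.get("required") is not True:
        findings.append("approval.required must be true")
    if not approval.get("approvers"):
        findings.append("approval.approvers must name at least one group")

    # Only an approval step that appears earlier in the list counts as a gate.
    gate = steps.index(APPROVAL_STEP) if APPROVAL_STEP in steps else None
    for pos, step in enumerate(steps):
        if step in DISRUPTIVE_STEPS:
            if gate is None or gate > pos:
                findings.append(f"step '{step}' has no preceding {APPROVAL_STEP}")
            if NOTIFY_STEP not in steps[pos + 1:]:
                findings.append(f"step '{step}' is not followed by {NOTIFY_STEP}")
    return findings


if __name__ == "__main__":
    for finding in lint_runbook(MANIFEST) or ["ok"]:
        print(finding)
```
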

Want this runbook?

Configure endpoint isolation for your environment

Templates are configurable per customer environment. Talk to us about the specific systems and approval flow you need.