diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index 2305d9049b..273581e35c 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc @@ -12,7 +12,12 @@ Host isolation exceptions support IPv4 addresses, with optional classless inter- You must have the *Host Isolation Exceptions* <> to access this feature. -- -IMPORTANT: Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. +[IMPORTANT] +==== +* Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. + +* If your hosts depend on VPNs for network communication, you should also set up host isolation exceptions for those VPN servers' IP addresses. +==== Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. By default, a host isolation exception is recognized globally across all hosts running {elastic-defend}. You can also assign a host isolation exception to a specific {elastic-defend} integration policy, affecting only the hosts assigned to that policy. diff --git a/docs/serverless/edr-manage/host-isolation-exceptions.mdx b/docs/serverless/edr-manage/host-isolation-exceptions.mdx index d8e487368f..1c15cf1c75 100644 --- a/docs/serverless/edr-manage/host-isolation-exceptions.mdx +++ b/docs/serverless/edr-manage/host-isolation-exceptions.mdx @@ -22,7 +22,9 @@ You must have the appropriate user role to use this feature. -Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. +* Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. + +* If your hosts depend on VPNs for network communication, you should also set up host isolation exceptions for those VPN servers' IP addresses. Host isolation requires the Endpoint Protection Complete . By default, a host isolation exception is recognized globally across all hosts running ((elastic-defend)). You can also assign a host isolation exception to a specific ((elastic-defend)) integration policy, affecting only the hosts assigned to that policy.