From c330d53bbf4ccafcbcf102ef94f31b474018034c Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Wed, 17 Jul 2024 14:12:43 -0400 Subject: [PATCH 1/3] Add to admonition [ESS] --- docs/management/admin/host-isolation-exceptions.asciidoc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index 2305d9049b..6a5f90d348 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc @@ -4,15 +4,18 @@ You can configure host isolation exceptions for specific IP addresses that <> are still allowed to communicate with, even when blocked from the rest of your network. Isolated hosts can still send data to {es} and {kib}, so you don't need to set up host isolation exceptions for them. -Host isolation exceptions support IPv4 addresses, with optional classless inter-domain routing (CIDR) notation. - .Requirements [sidebar] -- You must have the *Host Isolation Exceptions* <> to access this feature. -- -IMPORTANT: Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. +[IMPORTANT] +==== +* Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. + +* If your hosts depend on VPNs for network communication, you should also set up host isolation exceptions for those VPN servers' IP addresses. +==== Host isolation is a https://www.elastic.co/pricing[Platinum or Enterprise subscription] feature. By default, a host isolation exception is recognized globally across all hosts running {elastic-defend}. You can also assign a host isolation exception to a specific {elastic-defend} integration policy, affecting only the hosts assigned to that policy. From 50912180e856438f3810b1ad7e841f9792f1a5ec Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Wed, 17 Jul 2024 14:13:01 -0400 Subject: [PATCH 2/3] Add to admonition [serverless] --- docs/serverless/edr-manage/host-isolation-exceptions.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/serverless/edr-manage/host-isolation-exceptions.mdx b/docs/serverless/edr-manage/host-isolation-exceptions.mdx index d8e487368f..1c15cf1c75 100644 --- a/docs/serverless/edr-manage/host-isolation-exceptions.mdx +++ b/docs/serverless/edr-manage/host-isolation-exceptions.mdx @@ -22,7 +22,9 @@ You must have the appropriate user role to use this feature. -Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. +* Each host isolation exception IP address should be a highly trusted and secure location since you're allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading. + +* If your hosts depend on VPNs for network communication, you should also set up host isolation exceptions for those VPN servers' IP addresses. Host isolation requires the Endpoint Protection Complete . By default, a host isolation exception is recognized globally across all hosts running ((elastic-defend)). You can also assign a host isolation exception to a specific ((elastic-defend)) integration policy, affecting only the hosts assigned to that policy. From 93c2816ef7451e2e6fd741ef9b0076ff6c32f2f5 Mon Sep 17 00:00:00 2001 From: Joe Peeples Date: Wed, 17 Jul 2024 14:40:50 -0400 Subject: [PATCH 3/3] Add back accidentally deleted line --- docs/management/admin/host-isolation-exceptions.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/management/admin/host-isolation-exceptions.asciidoc b/docs/management/admin/host-isolation-exceptions.asciidoc index 6a5f90d348..273581e35c 100644 --- a/docs/management/admin/host-isolation-exceptions.asciidoc +++ b/docs/management/admin/host-isolation-exceptions.asciidoc @@ -4,6 +4,8 @@ You can configure host isolation exceptions for specific IP addresses that <> are still allowed to communicate with, even when blocked from the rest of your network. Isolated hosts can still send data to {es} and {kib}, so you don't need to set up host isolation exceptions for them. +Host isolation exceptions support IPv4 addresses, with optional classless inter-domain routing (CIDR) notation. + .Requirements [sidebar] --