ise-incident-response

Community

Investigate and quarantine ISE endpoints.

Author: automateyournetwork
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill streamlines the process of investigating potentially compromised network endpoints managed by Cisco ISE, enabling rapid isolation and documentation of security incidents.

Core Features & Use Cases

  • Endpoint Investigation: Gathers detailed information on endpoints, including authentication history, posture status, and profiling.
  • Risk Assessment: Compiles findings into a clear summary to aid human decision-making.
  • Authorized Quarantine: Facilitates the quarantine of endpoints in ISE only after explicit human authorization.
  • Incident Documentation: Creates detailed security incidents in ServiceNow and logs actions in GAIT.
  • Use Case: When a security alert flags a suspicious device, this Skill can quickly pull all relevant data from ISE, present it to a security analyst, and, upon approval, move the device to a quarantine VLAN.

Quick Start

Use the ise-incident-response skill to investigate endpoint MAC address AA:BB:CC:DD:EE:FF.

Dependency Matrix

Required Modules

  • ISE_MCP_SCRIPT
  • SERVICENOW_MCP_SCRIPT
  • GAIT_MCP_SCRIPT

Components

  • scripts
  • references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ise-incident-response
Download link: https://github.com/automateyournetwork/netclaw/archive/main.zip#ise-incident-response

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.