Skip to main content

Rapid ransomware containment - Illumio

This Playbook is part of the Illumio Rapid Ransomware Containment Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.2.0 and later.

Isolate one or more workloads based on traffic flows to a given port/protocol.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Update enforcement mode - Illumio


  • IllumioCore


  • Print


  • illumio-object-provision
  • illumio-workloads-list
  • illumio-ip-lists-get
  • illumio-ruleset-create
  • illumio-enforcement-boundary-create
  • illumio-service-binding-create
  • illumio-virtual-service-create
  • illumio-rule-create
  • illumio-traffic-analysis

Playbook Inputs#

NameDescriptionDefault ValueRequired
PortProvide Port to be blocked.Required
ProtocolProtocol of Port.TCPOptional
Allow Traffic?Do You want to allow traffic on this port? (Yes or No)YesOptional
Update the enforcement mode?Do you want to update the enforcement mode?(Yes or No)YesOptional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

Rapid ransomware containment - Illumio