Network Quarantine overview
With Network Quarantine, you can use your existing network access control (NAC) solution to control the communication of both managed and unmanaged endpoints. Controlling unmanaged endpoints requires Tanium™ Discover.
With the Network Quarantine service, Tanium products can communicate with a NAC to isolate endpoints. Network Quarantine is supported for use with Cisco Identity Services Engine (ISE) to block by MAC address.
For more information, see Configuring NACs.
If you are using ISE, you can create automated rules to find endpoints that need to be quarantined. Automated rules use saved questions to identify endpoints that are causing violations. You can then quarantine these endpoints. For more information, see Quarantine with automated rules.
Network Quarantine generates events when the NAC starts or stops, or when an endpoint is quarantined. You can send notifications about these events to destinations such as email, security information and event management (SIEM) software, or a file by creating a connection in Connect. For more information, see Configuring notifications.
When the Network Quarantine service is configured with Tanium Discover, you can also quarantine a MAC address directly from the Discover Interfaces pages. For more information, see the Tanium Discover User Guide.
Last updated: 1/24/2022 3:42 PM