With the Cisco Firepower Management Center (FMC) Remediation Module for Tetration, when an attack on your network from an infected host is detected by the FMC, the offending host can be quarantined by a Tetration Analytics (TA) enforcement agent so that no further traffic is allowed to go in or out of that host. The following illustration shows the relationship between the FMC and Tetration when the remediation module is installed:
The illustration also shows the overall process of quarantining the infected host after a network attack:
1. A host with an infected application launches an attack on your network. The attack is blocked inline by Cisco Firepower Threat Defense (FTD) running on a Firepower device (physical or virtual).
2. An intrusion event that includes information about the infection is generated and reported to the FMC managing the FTD.
3. The attack triggers the remediation module on the FMC to use the Northbound API to request that Tetration quarantine the infected host.
4. Tetration quickly contains the infected application workload by sending a quarantine request to the enforcement agent on the infected host.