How can you allow connections from a quarantined host to Rapid7?

The quarantining can be done via AV, but how can it allow for connections to Rapid7 for log collection? Anyone have any xp with this?

What solution are you using for quarantine actions? Depending on the solution it might be as easy as inputting an allow list for domains or IPs that the asset can communicate with after quarantine. Some solutions will allow internal communications while others only allow communication with their platform.

If you are looking for the communication needed from agent to platform it can be found here:

https://docs.rapid7.com/insightidr/ports-used-by-insightidr

I believe you would want the communication by the agent not happening through a collector as seen in the screenshots.