To follow a recommendation to isolate a host from the network:
In the recommendation box, select Isolate <host name>.
This opens the host isolation settings window for the host from the event you are working on.
In the Disable isolation in field, enter the time in hours (1 to 9999) during which network isolation of the host will be active.
In the Exclusions to the host isolation rule settings group, in the Traffic direction list, select the direction of network traffic that must not be blocked:
Incoming/Outgoing.
Incoming.
Outgoing.
In the IP field, enter the IP address whose network traffic must not be blocked.
If you selected Incoming or Outgoing, in the Ports field enter the connection ports.
If you want to add more than one exclusion, click Add and repeat the steps to fill in the Traffic direction, IP and Ports fields.