
CrowdStrike - Execute Real Time Response Command
Details
This atomic belongs to the CrowdStrike atomic group.
Executes a real time response command in CrowdStrike using an existing real time response session.
Target: CrowdStrike integration target or an HTTP Endpoint for "api.crowdstrike.com"
Account Key: None if using an integration-provided target, access token if using an HTTP Endpoint target
Steps:
- Set the request URL based on the requested user role
- Build the authorization header
- Build the request payload
- Execute the command
- Check if the request was successful:
  - If it was, extract the cloud request ID and set the output variable
  - If it wasn't, return an error
More information about this API can be found in the CrowdStrike documentation.
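
The steps above, sketched in Python as an added example (not the atomic's own implementation). The endpoint paths, payload fields and response fields are assumptions based on CrowdStrike's public Real Time Response API and are not stated on this page; the role names, function names and sample responses are constructed for illustration.

```python
import json
import urllib.request

BASE_URL = "https://api.crowdstrike.com"

# Assumed RTR endpoints per user role (not listed on this page).
ROLE_PATHS = {
    "read-only": "/real-time-response/entities/command/v1",
    "active-responder": "/real-time-response/entities/active-responder-command/v1",
    "admin": "/real-time-response/entities/admin-command/v1",
}


def build_request(role, access_token, session_id, base_command, command_string):
    """Pick the URL for the role, add the bearer token, build the JSON payload."""
    if role not in ROLE_PATHS:
        raise ValueError(f"unknown RTR role: {role!r}")
    # The full command line must begin with the base command it claims to run.
    if not base_command or not command_string.startswith(base_command):
        raise ValueError("command_string must start with base_command")
    payload = {
        "base_command": base_command,
        "command_string": command_string,
        "session_id": session_id,
    }
    return urllib.request.Request(
        BASE_URL + ROLE_PATHS[role],
        data=json.dumps(payload).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )


def extract_cloud_request_id(status, body):
    """Return the cloud request ID on success; raise on any failure."""
    doc = json.loads(body)
    errors = doc.get("errors") or []
    resources = doc.get("resources") or []
    if not 200 <= status < 300 or errors or not resources:
        detail = "; ".join(e.get("message", "") for e in errors) or "no resources returned"
        raise RuntimeError(f"RTR command failed (HTTP {status}): {detail}")
    return resources[0]["cloud_request_id"]


# Constructed sample responses, not captured from a real tenant.
SAMPLE_OK = '{"resources": [{"session_id": "sess-0001", "cloud_request_id": "req-0001"}], "errors": []}'
SAMPLE_ERR = '{"resources": [], "errors": [{"code": 403, "message": "access denied"}]}'
```

Sending the request (for example with `urllib.request.urlopen`) is left out so the example runs offline; pass the returned status code and body to `extract_cloud_request_id`.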
About
Integration
Authorship
Cisco Managed