
CrowdStrike - Get Incident Behaviors by Incident ID
Details
This atomic belongs to the CrowdStrike atomic group.
Fetches information about behaviors related to an incident from CrowdStrike using an incident ID.
Target: CrowdStrike integration target or an HTTP Endpoint for "api.crowdstrike.com"
Account Key: None if using an integration-provided target, access token if using an HTTP Endpoint target
Steps:
[] Build the authorization header
[] Request the incident behaviors
[] Check if the API request succeeded:
[]> If it did, extract the results and set the output variable
[]> If it didn't, output an error
More information about this API: https://falcon.us-2.crowdstrike.com/documentation/86/detections-monitoring-apis#find-behaviors
About
Integration
Authorship
Cisco Managed