Contact sales
Details

This incident response workflow allows you to create custom IOCs for observables in CrowdStrike from a playbook.

Description

This incident response workflow allows you to create custom IOCs for observables in CrowdStrike from a playbook. Supported observables: domain, IP, IPv6, MD5, SHA256.

Target: CrowdStrike

Steps:

  • Check if a severity was provided and, if not, see if one is required based on the action
  • Create a table for observables
  • For each selected observable:
    • Check if the observable type is supported and, if so, add it to the table
  • Check if any supported observables were found (if not, end the workflow)
  • For each observable:
    • Attempt to create a custom IOC in CrowdStrike
    • Check if creating the IOC was successful and update the workflow results
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • CrowdStrike
About
Author
Cisco
Version
v1.1
Intent
Playbook Task
Integration
Average rating
No ratings yet
Authorship
Cisco Managed
Contact and support information
https://support.cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for CrowdStrike Falcon
CrowdStrike - Contain Host
Cisco Managed
This workflow appears in the pivot menu and allows a user to contain a host in CrowdStrike.
Pivot Menu
Learn more
Logo for CrowdStrike Falcon
CrowdStrike - Contain Hosts
Cisco Managed
This incident response workflow allows you to contain hosts involved in an incident using CrowdStrike from a playbook or using an automation rule.
Incident Response
Learn more
Logo for CrowdStrike Falcon
CrowdStrike - Create Custom IOC
Cisco Managed
This workflow appears in the pivot menu and allows you to create an IOC in CrowdStrike for an observable.
Pivot Menu
Learn more
Logo for CrowdStrike Falcon
CrowdStrike - Create Custom IOCs for Observables
Cisco Managed
This incident response workflow allows you to create custom IOCs for observables in CrowdStrike from a playbook.
Playbook Task
Learn more
Logo for CrowdStrike Falcon
CrowdStrike - Delete Custom IOCs for Observables
Cisco Managed
This incident response workflow allows you to delete custom IOCs for observables in CrowdStrike from a playbook.
Playbook Task
Learn more
Logo for CrowdStrike Falcon
CrowdStrike - Get Vulnerability Summary for Assets
Cisco Managed
This incident response workflow allows to document a summary of vulnerabilities for hosts in an incident using CrowdStrike from a playbook or using an automation rule.
Incident Response
Learn more
Logo for CrowdStrike Falcon
CrowdStrike - Lift Containment for Hosts
Cisco Managed
This incident response workflow allows you to lift containment for hosts in CrowdStrike from a playbook or using an automation rule.
Incident Response
Learn more
Logo for CrowdStrike Falcon
CrowdStrike - Lift Host Containment
Cisco Managed
This workflow appears in the pivot menu and allows a user to lift containment for a host in CrowdStrike.
Pivot Menu
Learn more