CrowdStrike Rapid IOC Hunting v2

This Playbook is part of the FalconHost (Deprecated) Pack.

Deprecated

Use CrowdStrike Falcon instead.

Hunt for endpoint activity involving hash and domain IOCs using CrowdStrike Falcon Host.
The playbook also uses the AnalystEmail label to determine where to send an email alert if something is found.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • FalconHost

Scripts

  • Exists

Commands

  • cs-device-search
  • cs-device-ran-on
  • send-mail

Playbook Inputs


There are no inputs for this playbook.

Playbook Outputs


There are no outputs for this playbook.