Workflow Template: QuickAction - Get Device Details using CrowdStrike

This workflow takes in a host device name and returns a case note with all the relevant CrowdStrike information, including the device ID.

Updated this week

The "QuickAction - Get Device Details using CrowdStrike" workflow template streamlines the process of retrieving detailed information about a device within the CrowdStrike platform. By querying a device's hostname, this workflow checks for its existence, retrieves its ID, and gathers comprehensive device details. This information is then formatted and added as a note to a case, enhancing incident response and endpoint detection capabilities. Ideal for security teams, this workflow simplifies device management and enriches case documentation.

Use Cases

Endpoint Detection and Response (EDR), Function

Workflow Breakdown

  1. The user is queried for an endpoint host name

  2. Check whether a device by that name exists and, if so, return the device ID

  3. Get the device details by ID

  4. Add a formatted note to the case
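
The four steps above as a Python sketch, added here as an example and not taken from the Torq template. The CrowdStrike API paths, the FQL filter form, the device field names and the `api_get` client callable are assumptions, and the sample responses are constructed.

```python
import re

# Assumed CrowdStrike Falcon API paths (not stated on this page).
QUERY_PATH = "/devices/queries/devices/v1"      # hostname -> device IDs
DETAILS_PATH = "/devices/entities/devices/v2"   # device IDs -> device records

# Letters, digits, dot, underscore and hyphen only: nothing that can close
# the quoted FQL value and append extra filter terms.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,252}$")
NOTE_FIELDS = ("platform_name", "os_version", "agent_version",
               "local_ip", "last_seen", "status")  # assumed field names


def build_filter(hostname):
    """Step 1: validate the analyst-supplied name before it enters a filter."""
    if not HOSTNAME_RE.match(hostname):
        raise ValueError("hostname contains characters not valid in a host name")
    return f"hostname:'{hostname}'"


def get_device_note(hostname, api_get):
    """Steps 2-4. api_get(path, params) is a hypothetical authenticated client
    that returns the parsed JSON body of a GET request."""
    ids = api_get(QUERY_PATH, {"filter": build_filter(hostname)}).get("resources", [])
    if not ids:
        return f"CrowdStrike: no device found with hostname {hostname}."
    devices = api_get(DETAILS_PATH, {"ids": ids}).get("resources", [])
    lines = [f"CrowdStrike device details for {hostname} ({len(devices)} match):"]
    for dev in devices:  # a hostname is not unique, so list every match
        lines.append(f"- Device ID: {dev.get('device_id', 'n/a')}")
        lines.extend(f"  {key}: {dev.get(key, 'n/a')}" for key in NOTE_FIELDS)
    return "\n".join(lines)


# Constructed sample data standing in for the live API.
SAMPLE_DEVICE = {"device_id": "0123456789abcdef0123456789abcdef",
                 "hostname": "FIN-LT-042", "platform_name": "Windows",
                 "os_version": "Windows 11", "agent_version": "7.0.0",
                 "local_ip": "10.0.0.15", "last_seen": "2024-01-01T00:00:00Z",
                 "status": "normal"}


def fake_api_get(path, params):
    if path == QUERY_PATH:
        hit = params["filter"] == "hostname:'FIN-LT-042'"
        return {"resources": [SAMPLE_DEVICE["device_id"]] if hit else []}
    found = SAMPLE_DEVICE["device_id"] in params["ids"]
    return {"resources": [SAMPLE_DEVICE] if found else []}
```
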

Vendors

Utils, CrowdStrike, Torq Cases
