The "Manage Containment on a Device in CrowdStrike" workflow template is designed for efficient endpoint management within CrowdStrike's EDR environment. It lets security teams either contain a device or lift containment on it, supporting a swift response to potential threats. By automating these actions, organizations can minimize downtime and maintain their security posture, enhancing overall incident response capabilities.
Use Cases
Endpoint Detection and Response (EDR)
Workflow Breakdown
1. Check whether the host is online
2. If online, the host will either be contained or have containment lifted depending on user input
3. Check if the action was successful
Vendors
Utils, CrowdStrike
