Skip to main content

Workflow Template: Manage containment on a device in CrowdStrike

This workflow is meant to be used as a nested workflow that will either contain or lift containment on a device in CrowdStrike

Updated over 3 weeks ago

The "Manage Containment on a Device in CrowdStrike" workflow template is designed for businesses utilizing Endpoint Detection and Response (EDR) solutions. It enables security teams to efficiently manage device containment within CrowdStrike, offering options to either "Contain" or "Lift Containment" on a specified device. This workflow ensures that devices are securely managed, minimizing potential threats and maintaining operational integrity.

Take Me to the Template

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Check whether the host is online

  2. If online, the host will either be contained or have containment lifted depending on user input

  3. Check if the action was successful

Vendors

Utils, CrowdStrike

Related Articles
Workflow Template: Manage containment on a device in CrowdStrike with Socrates
Workflow Template: QuickAction - Manage containment on a device in CrowdStrike
Workflow Template: Scan Device in CrowdStrike
Workflow Template: QuickAction - Scan Device in CrowdStrike
Workflow Template: Scan Device in CrowdStrike with Socrates
Did this answer your question?