Skip to main content

Workflow Template: Manage containment on a device in CrowdStrike

This workflow is meant to be used as a nested workflow that will either contain or lift containment on a device in CrowdStrike

Updated this week

The "Manage Containment on a Device in CrowdStrike" workflow template is designed for efficient endpoint management within CrowdStrike's EDR environment. It allows security teams to either contain or lift containment on a device, ensuring swift response to potential threats. By automating these actions, organizations can minimize downtime and maintain security posture, enhancing overall incident response capabilities.

Take Me to the Template

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Check whether the host is online

  2. If online, the host will either be contained or have containment lifted depending on user input

  3. Check if the action was successful

Vendors

Utils, CrowdStrike

Related Articles
Workflow Template: Manage containment on a device in CrowdStrike with Socrates
Workflow Template: QuickAction - Manage containment on a device in CrowdStrike
Workflow Template: Scan Device in CrowdStrike
Workflow Template: QuickAction - Scan Device in CrowdStrike
Workflow Template: Scan Device in CrowdStrike with Socrates
Did this answer your question?