
Workflow Template: Scan Device in CrowdStrike

This workflow initiates a scan of a machine associated with a CrowdStrike case.

Updated over 3 weeks ago

The "Scan Device in CrowdStrike" workflow template is designed for efficient endpoint detection and response (EDR) using CrowdStrike. It automates checking a host's online status before initiating a scan. If the host is online, the workflow starts the scan and then checks the scan's progress every 30 seconds until completion. This ensures timely detection and response to potential threats, enhancing security operations.

Use Cases

Endpoint Detection and Response (EDR), Function

Workflow Breakdown

  1. Check whether the host is online and exit if not

  2. If online, the scan is initiated; workflow then pauses to allow the scan to get underway

  3. Re-query the host every 30 seconds until the scan is completed
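The three steps above as a control-flow sketch. This is an added example, not the template's own logic and not CrowdStrike API code. The callables `is_online`, `start_scan` and `scan_status`, the status labels, and the `max_polls` cap are all hypothetical assumptions; the page itself only says polling continues until completion.

```python
import time
from typing import Callable

POLL_SECONDS = 30  # polling interval stated in the workflow description

def scan_device(host_id: str,
                is_online: Callable[[str], bool],
                start_scan: Callable[[str], str],
                scan_status: Callable[[str], str],
                max_polls: int = 120,
                sleep: Callable[[float], None] = time.sleep) -> dict:
    """Run the three workflow steps. The callables are hypothetical stand-ins
    for the EDR integration, not CrowdStrike API names."""
    # Step 1: exit early when the host is offline; no scan is requested.
    if not is_online(host_id):
        return {"host": host_id, "outcome": "offline", "polls": 0}
    # Step 2: start the scan; the first sleep below is the pause that
    # lets it get underway before the first status query.
    scan_id = start_scan(host_id)
    # Step 3: re-query every POLL_SECONDS until a terminal state is seen.
    for poll in range(1, max_polls + 1):
        sleep(POLL_SECONDS)
        status = scan_status(scan_id)
        if status in ("completed", "failed"):  # constructed status labels
            return {"host": host_id, "scan": scan_id,
                    "outcome": status, "polls": poll}
    # Assumption: a poll cap, so a stalled scan cannot hold the workflow
    # (and the case it belongs to) open indefinitely.
    return {"host": host_id, "scan": scan_id,
            "outcome": "timed_out", "polls": max_polls}

def demo():
    """Constructed in-memory stand-in: the scan completes on the third query."""
    replies = iter(["pending", "running", "completed"])
    waits = []  # records requested sleeps instead of actually waiting
    result = scan_device("host-001",
                         is_online=lambda h: True,
                         start_scan=lambda h: "scan-001",
                         scan_status=lambda s: next(replies),
                         sleep=waits.append)
    return result, waits

if __name__ == "__main__":
    print(demo())
```

Reporting `timed_out` separately from `failed` lets an analyst distinguish a scan that errored from one that never reported back.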

Vendors

Utils, HTTP, CrowdStrike
