Skip to main content

Workflow Template: QuickAction - Scan Device in CrowdStrike

Initiate a scan on a CrowdStrike device using a QuickAction button. This serves as a wrapper for the 'Scan Device in CrowdStrike' workflow

Updated yesterday

The "QuickAction - Scan Device in CrowdStrike" workflow template streamlines the process of initiating a device scan within CrowdStrike, enhancing endpoint detection and response capabilities. By leveraging a QuickAction button, users can efficiently trigger a scan on a specified device, ensuring swift action in incident response scenarios. This workflow automates the extraction of device IDs and logs scan results directly into the associated case, optimizing security operations.

Take Me to the Template

Use Cases

Endpoint Detection and Response (EDR) , Function

Workflow Breakdown

  1. Query the user for a comment for the action

  2. The device ID is extracted from the corresponding case

  3. If the action is successful, a note is added to the associated case

Vendors

Utils, HTTP, CrowdStrike, Torq Cases

Related Articles
Workflow Template: QuickAction - Scan Device on SentinelOne
Workflow Template: Manage containment on a device in CrowdStrike with Socrates
Workflow Template: QuickAction - Manage containment on a device in CrowdStrike
Workflow Template: Scan Device in CrowdStrike
Workflow Template: Scan Device in CrowdStrike with Socrates
Did this answer your question?