Skip to main content

Workflow Template: Scan Device in CrowdStrike with Socrates

Initiate a scan on a device in CrowdStrike using Socrates. This workflow serves as a wrapper for the 'Scan Device in CrowdStrike' workflow

Updated yesterday

The "Scan Device in CrowdStrike with Socrates" workflow template streamlines endpoint security by automating device scans within CrowdStrike. Designed for efficient incident response, it queries users for comments, extracts device IDs from cases, and initiates scans using the "Scan Device in CrowdStrike" workflow. Successful scans result in case notes, enhancing security operations and documentation. Ideal for Endpoint Detection and Response (EDR) tasks.

Take Me to the Template

Use Cases

Endpoint Detection and Response (EDR) , Function

Workflow Breakdown

  1. Queries the user for a comment for the action

  2. The device ID is extracted from the corresponding case or it can be provided in the user query (for use with Socrates Off-Case)

  3. The 'Scan Device in CrowdStrike' workflow is called

  4. If the workflow is successful, a note is added to the associated case

Vendors

Utils, HTTP, CrowdStrike, Torq Cases

Related Articles
Workflow Template: Socrates Tool - Scan Device on SentinelOne
Workflow Template: Manage containment on a device in CrowdStrike with Socrates
Workflow Template: QuickAction - Manage containment on a device in CrowdStrike
Workflow Template: Scan Device in CrowdStrike
Workflow Template: QuickAction - Scan Device in CrowdStrike
Did this answer your question?