This Torq workflow template offers a robust response to critical cybersecurity threats. When CrowdStrike detects a high or critical threat incident, the workflow triggers, extracting event details to determine the severity. If the event is graded as high or critical, VirusTotal further enriches Indicator of Compromise (IOC) details. Finally, the workflow automates the creation of an incident in PagerDuty with the appropriate service ID and escalation policy, ensuring rapid response and resolution of the security threat.
Trigger
CrowdStrike
Optional Triggers
Webhook
Use Cases
Endpoint Detection and Response (EDR)
Workflow Breakdown
Receive an event from CrowdStrike
Pull the event details from the detection ID in CrowdStrike
If the event is graded Critical or High, enrich its IOCs with VirusTotal
Open an incident in PagerDuty with the configured escalation policy and service ID
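The four steps above, carried through as runnable logic. This is an added illustration and not code from Torq, CrowdStrike, VirusTotal or PagerDuty: the detection layout (max_severity_displayname, behaviors[].sha256), the VirusTotal-style verdict shape and the PagerDuty incident body are assumptions, and the two vendor calls are injected callables with constructed stand-ins so the severity gate, IOC de-duplication and incident assembly can be exercised offline.

```python
"""Severity-gated routing of an EDR detection, following the workflow breakdown.

Added illustration; not Torq's, CrowdStrike's, VirusTotal's or PagerDuty's code.
Field names, payload shapes and the two client callables are assumptions.
"""
from typing import Callable

ACTIONABLE = {"critical", "high"}  # only these severities pass the gate

# Constructed detection payload, shaped like a Falcon detection summary (assumed).
SAMPLE_DETECTION = {
    "detection_id": "ldt:0123456789abcdef:1111",
    "max_severity_displayname": "Critical",
    "device": {"hostname": "WS-FINANCE-07"},
    "behaviors": [
        {"sha256": "A" * 64, "filename": "invoice.exe"},
        {"sha256": "a" * 64, "filename": "invoice.exe"},  # same hash, other case
        {"sha256": "b" * 64, "filename": "svchost.exe"},
    ],
}

# Constructed VirusTotal-style verdicts keyed by hash (assumed shape).
_VT_TABLE = {"a" * 64: {"malicious": 41, "harmless": 2},
             "b" * 64: {"malicious": 0, "harmless": 70}}
OPENED: list[dict] = []  # stand-in for the PagerDuty incident store


def fake_vt_lookup(ioc: dict) -> dict:
    """Stand-in for a VirusTotal file lookup; unknown hashes count as unscanned."""
    stats = _VT_TABLE.get(ioc["value"], {"malicious": 0, "harmless": 0})
    return {"value": ioc["value"], **stats}


def fake_open_incident(body: dict) -> str:
    """Stand-in for a PagerDuty incident POST; records the body, returns an ID."""
    OPENED.append(body)
    return f"PINC{len(OPENED):04d}"


def extract_iocs(detection: dict) -> list[dict]:
    """Collect unique, case-normalised SHA-256 hashes from the behaviors."""
    out, seen = [], set()
    for b in detection.get("behaviors", []):
        sha = str(b.get("sha256", "")).lower()
        if len(sha) == 64 and sha not in seen:
            seen.add(sha)
            out.append({"type": "sha256", "value": sha})
    return out


def build_incident(detection: dict, verdicts: list, service_id: str,
                   escalation_policy_id: str) -> dict:
    """Assemble a PagerDuty REST-style incident body (field layout assumed)."""
    severity = detection["max_severity_displayname"].lower()
    flagged = [v for v in verdicts if v["malicious"] > 0]
    lines = [f"{v['value']} malicious={v['malicious']} harmless={v['harmless']}"
             for v in verdicts]
    return {"incident": {
        "type": "incident",
        "title": (f"[{severity.upper()}] CrowdStrike {detection['detection_id']} "
                  f"on {detection['device']['hostname']} "
                  f"({len(flagged)}/{len(verdicts)} IOCs flagged)"),
        "service": {"id": service_id, "type": "service_reference"},
        "escalation_policy": {"id": escalation_policy_id,
                              "type": "escalation_policy_reference"},
        "urgency": "high",  # gated events are always paged as high urgency
        "body": {"type": "incident_body", "details": "\n".join(lines)},
    }}


def run_workflow(detection: dict, enrich: Callable, open_incident: Callable,
                 service_id: str, escalation_policy_id: str) -> dict:
    """Grade severity, enrich IOCs only when gated in, then open the incident."""
    severity = str(detection.get("max_severity_displayname", "")).lower()
    if severity not in ACTIONABLE:
        return {"action": "ignored", "severity": severity}
    iocs = extract_iocs(detection)
    verdicts = [enrich(i) for i in iocs]  # one lookup per unique hash
    body = build_incident(detection, verdicts, service_id, escalation_policy_id)
    return {"action": "incident_opened", "severity": severity,
            "iocs": len(iocs),
            "malicious": sum(1 for v in verdicts if v["malicious"] > 0),
            "incident_id": open_incident(body)}


if __name__ == "__main__":
    print(run_workflow(SAMPLE_DETECTION, fake_vt_lookup, fake_open_incident,
                       "SERVICE_ID_PLACEHOLDER", "ESCALATION_POLICY_PLACEHOLDER"))
```

Swapping the two stand-ins for real clients leaves the gate, the de-duplication and the incident body untouched; the service ID and escalation policy ID are the values the template's first "Set Workflow Variables" step expects you to supply.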
Vendors
PagerDuty, Utils, VirusTotal, CrowdStrike
Workflow Output
Incident creation in PagerDuty
Tips
Modify the first "Set Workflow Variables" step to match your environment