Skip to main content
All CollectionsTemplatesBasic
Find all Hosts Impacted by an Open CVE in CrowdStrike - Workflow Template
Find all Hosts Impacted by an Open CVE in CrowdStrike - Workflow Template

Find all hosts in CrowdStrike that are impacted by a specific CVE and output the list of hostnames and remediation information provided.

Updated over 6 months ago

The "Find all Hosts Impacted by an Open CVE in CrowdStrike" workflow template is designed for businesses to identify and assess the impact of specific Common Vulnerabilities and Exposures (CVEs) within their digital infrastructure. Leveraging CrowdStrike's Endpoint Detection and Response (EDR) capabilities, this template facilitates the extraction of affected hostnames and associated remediation details, enabling organizations to swiftly address identified security gaps and reduce their cyber risk exposure.

Take Me to the Template

Optional Triggers

Slack,"Microsoft Teams"

Use Cases

Endpoint Detection and Response (EDR)

Workflow Breakdown

  1. Use as a nested workflow and provide the CVE to the workflow

  2. Gather all results for the specific CVE in CrowdStrike

  3. Gather remediation information if found.

  4. Output a list of hostnames that are affected by the CVE including remediation information.

Vendors

Utils, CrowdStrike

Workflow Output

A list of all impacted hostnames of a specific CVE with remediation information

Related Articles
Open a PagerDuty Incident on Host Detection (CrowdStrike) - Workflow Template
Create IOCs on Malicious Files from a CrowdStrike Incident - Workflow Template
Create IOCs on Malicious Files from a CrowdStrike Detection - Workflow Template
Request File Download From CrowdStrike Using Real Time Response - Workflow Template
Create Cases from Crowdstrike Detections found in Splunk - Workflow Template
Did this answer your question?