Skip to main content

CrowdStrike Falcon - Get Endpoint Forensics Data

This Playbook is part of the CrowdStrike Falcon Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook extracts data from the host using RTR commands. For example, commands for getting a list of running processes and network connections.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

CrowdStrikeFalcon

Scripts#

This playbook does not use any scripts.

Commands#

  • cs-falcon-rtr-list-processes
  • cs-falcon-rtr-list-network-stats

Playbook Inputs#


NameDescriptionDefault ValueRequired
DeviceIdThe ID of the host to use.Optional

Playbook Outputs#


PathDescriptionType
CrowdStrike.CommandThe results of the forensics commands.string

Playbook Image#


CrowdStrike Falcon - Get Endpoint Forensics Data