CrowdStrike Falcon - Get Endpoint Forensics Data
This Playbook is part of the CrowdStrike Falcon Pack.
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook extracts data from the host using RTR commands, for example commands that list running processes and network connections.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any scripts.
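| Name | Description | Required |
| --- | --- | --- |
| DeviceId | The ID of the host to use. | Optional |

| Path | Description | Type |
| --- | --- | --- |
| CrowdStrike.Command | The results of the forensics commands. | string |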