CrowdStrike Falcon - Search Endpoints By Hash
CrowdStrike Falcon Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook searches across the organization for other endpoints associated with a specific SHA256 hash.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
IntegrationsCrowdStrikeFalcon
#
ScriptsThis playbook does not use any scripts.
#
Commands- cs-falcon-device-ran-on
- endpoint
- cs-falcon-device-count-ioc
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
FileSha256 | The SHA256 file hash to search for. | Optional | |
HostId | The ID of the host that originated the detection. | Optional |
#
Playbook OutputsPath | Description | Type |
---|---|---|
Endpoint | string | |
CrowdStrike.IOC.DeviceCount | The number of devices the IOC ran on. | number |