
CrowdStrike Falcon - Search Endpoints By Hash

This Playbook is part of the CrowdStrike Falcon Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook searches across the organization for other endpoints associated with a specific SHA256 hash.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

CrowdStrikeFalcon

Scripts

This playbook does not use any scripts.

Commands

  • cs-falcon-device-ran-on
  • endpoint
  • cs-falcon-device-count-ioc

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| FileSha256 | The SHA256 file hash to search for. | | Optional |
| HostId | The ID of the host that originated the detection. | | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Endpoint | | string |
| CrowdStrike.IOC.DeviceCount | The number of devices the IOC ran on. | number |
