Skip to main content

CrowdStrike Falcon Malware - Verify Containment Actions

This Playbook is part of the CrowdStrike Falcon Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook verifies and sets the policy actions applied by CrowdStrike Falcon.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

Set

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
PolicyBehaviourDetailsThe path that contains the detection results.Optional

Playbook Outputs#


PathDescriptionType
Policy.StateIs the policy active?string
Host.StateIs the host isolated?string
Process.StateWas the process contained?string

Playbook Image#


CrowdStrike Falcon Malware - Verify Containment Actions