CrowdStrike Falcon Malware - Verify Containment Actions
CrowdStrike Falcon Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook verifies and sets the policy actions applied by CrowdStrike Falcon.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
IntegrationsThis playbook does not use any integrations.
#
ScriptsSet
#
CommandsThis playbook does not use any commands.
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
PolicyBehaviourDetails | The path that contains the detection results. | Optional |
#
Playbook OutputsPath | Description | Type |
---|---|---|
Policy.State | Is the policy active? | string |
Host.State | Is the host isolated? | string |
Process.State | Was the process contained? | string |