CrowdStrike Falcon Malware - Verify Containment Actions
This Playbook is part of the CrowdStrike Falcon Pack.
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook verifies and sets the policy actions applied by CrowdStrike Falcon.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
This playbook does not use any commands.
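| Name | Description | Required |
| --- | --- | --- |
| PolicyBehaviourDetails | The path that contains the detection results. | Optional |

| Path | Description | Type |
| --- | --- | --- |
| Policy.State | Is the policy active? | string |
| Host.State | Is the host isolated? | string |
| Process.State | Was the process contained? | string |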