Skip to main content

CrowdStrike Rapid IOC Hunting

This Playbook is part of the Deprecated Content (Deprecated) Pack.#

Deprecated

Use "CrowdStrike Rapid IOC Hunting v2" playbook instead.

DEPRECATED. Use "CrowdStrike Rapid IOC Hunting v2" playbook instead. Hunts for endpoint activity involving hash and domain IOCs, using Crowdstrike Falcon Host.This playbook also use AnalystEmail label to determine where to send an email alert if something is found.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • FalconHost

Scripts#

  • Exists
  • SendEmail

Commands#

  • cs-device-search
  • cs-device-ran-on

Playbook Inputs#

There are no inputs for this playbook.

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

CrowdStrike_Rapid_IOC_Hunting

Edit this page
Report an Issue