Search Endpoints By Hash - CrowdStrike

Hunts for endpoint activity involving hash and domain IOCs, using CrowdStrike Falcon Host.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • FalconHost

Scripts

This playbook does not use any scripts.

Commands

  • cs-device-details
  • cs-device-ran-on

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| MD5Hash | The MD5 file hash. | MD5 | File | Optional |
| SHA1Hash | The SHA1 file hash. | SHA1 | File | Optional |
| SHA256Hash | The SHA256 file hash. | SHA256 | File | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Endpoint.Hostname | The device hostname. | string |
| Endpoint | The endpoint. | unknown |

Playbook Image

[Image: Search_Endpoints_By_Hash_CrowdStrike]