CrowdStrike OAuth API

This app integrates with CrowdStrike via the OAuth2 authentication standard to query endpoint security data.

Built by Splunk Inc.
Latest Version 3.3.0
September 17, 2021
Compatibility
Not Available
Platform Version: 5.5, 5.4, 5.3, 5.2, 5.1, 5.0, 4.10, 4.9
Support
Splunk Supported connector
Ranking
#2 in Endpoint

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity. This action logs into the site to check the connection and credentials
  • query device: Fetch the device details based on the provided query
  • list groups: Fetch the details of the host groups
  • quarantine device: Block the device
  • unquarantine device: Unblock the device
  • assign hosts: Assign one or more hosts to the static host group
  • remove hosts: Remove one or more hosts from the static host group
  • create session: Initialize a new session with the Real Time Response cloud
  • delete session: Deletes a Real Time Response session
  • list sessions: Lists Real Time Response sessions
  • run command: Execute an active responder command on a single host
  • run admin command: Execute an RTR Admin command on a single host
  • get command details: Retrieve results of an active responder command executed on a single host
  • list session files: Get a list of files for the specified RTR session
  • get incident behaviors: Get details on behaviors by providing behavior IDs
  • update incident: Perform a set of actions on one or more incidents, such as adding tags or comments or updating the incident name or description
  • list users: Get information about all users in your Customer ID
  • get user roles: Gets the roles that are assigned to the user
  • list roles: Get information about all user roles from your Customer ID
  • get role: Get information about all user roles from your Customer ID
  • list crowdscores: Query environment wide CrowdScore and return the entity data
  • get incident details: Get details on incidents by providing incident IDs
  • list incident behaviors: Search for behaviors by providing an FQL filter, sorting, and paging details
  • list incidents: Search for incidents by providing an FQL filter, sorting, and paging details
  • get session file: Get RTR extracted file contents for the specified session and SHA256 and add it to the vault
  • set status: Set the state of a detection in CrowdStrike Host
  • get system info: Get details of a device, given the device ID
  • get process detail: Retrieve the details of a process that is running or that previously ran, given a process ID
  • hunt file: Hunt for a file on the network by querying for the hash
  • hunt domain: Get a list of device IDs on which the domain was matched
  • upload put file: Upload a new put-file to use for the RTR `put` command
  • get indicator: Get the full definition of one or more indicators that are being watched
  • list custom indicators: Queries for custom indicators in your customer account
  • list put files: Queries for files uploaded to CrowdStrike for use with the RTR `put` command
  • on poll: Callback action for the on_poll ingest functionality
  • list processes: List processes that have recently used the IOC on a particular device
  • upload indicator: Upload one or more indicators that you want CrowdStrike to watch
  • delete indicator: Delete an indicator that is being watched
  • update indicator: Update an indicator that has been uploaded
  • file reputation: Queries CrowdStrike for the file info
  • url reputation: Queries CrowdStrike for the URL info
  • download report: Download the report for the provided artifact ID
  • detonate file: Upload a file to CrowdStrike and retrieve the analysis results
  • detonate url: Upload a URL to CrowdStrike and retrieve the analysis results
  • check status: Check the detonation status of the provided resource ID

Categories

Created By

Splunk Inc.

Type

connector