Playbook: CrowdStrike OAuth API File Collection
Description
Accepts a hostname or device ID and a file path as input, and collects that file from a device in CrowdStrike into the event File Vault. An artifact is created from the collected file. The playbook then generates an observable report and a Markdown-formatted report. Both reports can be customized based on user preference.
Apps
How To Implement
This input playbook requires the CrowdStrike OAuth API connector to be configured. It is designed to work with an endpoint hostname or agent id and collect a specific file from the endpoint (using an absolute path) for forensics or later use in automation playbooks.
Required fields
- device
- path
Reference
source | version: 1