Search Endpoints By Hash - CrowdStrike

Hunts for endpoint activity involving hash and domain IOCs, using CrowdStrike Falcon Host.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • FalconHost

Scripts

This playbook does not use any scripts.

Commands

  • cs-device-details
  • cs-device-ran-on

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| MD5Hash | The MD5 file hash. | MD5 | File | Optional |
| SHA1Hash | The SHA1 file hash. | SHA1 | File | Optional |
| SHA256Hash | The SHA256 file hash. | SHA256 | File | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Endpoint.Hostname | The device hostname. | string |
| Endpoint | The endpoint. | unknown |

Playbook Image


Search_Endpoints_By_Hash_CrowdStrike