Cases

Automation for the threats you know, cases for the ones you don’t

CrowdStrike alert, host: MARTIN-PC (#36297)
Created 2d ago by Cases bot • 0 comments
Status: In progress
June 24, 2024
- 4:32 PM: Cases bot created case #36297
- 4:32 PM: Cases bot added tag CrowdStrike
- 4:32 PM: Cases bot set priority to Medium
- 4:32 PM: Cases bot assigned Darren
- 4:32 PM: Cases bot added record 1.1.1.1
- 4:32 PM: Cases bot completed
CrowdStrike Falcon alerts about a potential security incident
Case metrics

Type | Case time                   | SLA time | Met SLA?
TTD  | To be updated with TTD time | 60 min   | To be updated with TTD SLA result
TTR  | To be updated with TTR time | 4 hr     | To be updated with TTR SLA result
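
The two metrics in the table are derived from the case timeline. The following is an added example, not Tines' own code, and it uses a constructed timeline rather than this case's real timestamps: it computes TTD (alert to triage) and TTR (alert to resolution), checks each against the 60 min and 4 hr SLA targets shown above, renders the "To be updated" state for a milestone that has not happened yet, and flags a pending milestone whose deadline has already passed when a current time is supplied.

```python
from datetime import datetime, timedelta
from typing import Optional

# SLA targets as shown in the case metrics table: TTD 60 min, TTR 4 hr.
SLA_TARGETS = {"TTD": timedelta(minutes=60), "TTR": timedelta(hours=4)}


def case_metric(kind: str, alert_at: datetime, milestone_at: Optional[datetime],
                now: Optional[datetime] = None) -> dict:
    """Build one row of the case metrics table.

    kind          "TTD" (time to detect/triage) or "TTR" (time to resolve)
    alert_at      when the alert was raised; here the case creation time
    milestone_at  when the milestone was reached, or None while it is pending
                  (the table shows "To be updated ..." in that state)
    now           optional current time; if given, a pending milestone that is
                  already past its deadline is reported as an SLA breach
    """
    sla = SLA_TARGETS[kind]
    if milestone_at is None:
        breached = now is not None and now - alert_at > sla
        return {"type": kind, "case_time": None, "sla_time": sla,
                "met_sla": False if breached else None}
    elapsed = milestone_at - alert_at
    return {"type": kind, "case_time": elapsed, "sla_time": sla,
            "met_sla": elapsed <= sla}


def fmt_duration(d: Optional[timedelta]) -> str:
    """Render a duration in the table's style: "60 min", "4 hr", "3 hr 45 min"."""
    if d is None:
        return "pending"
    minutes = int(d.total_seconds() // 60)
    if minutes <= 60:
        return f"{minutes} min"
    hours, mins = divmod(minutes, 60)
    return f"{hours} hr {mins} min" if mins else f"{hours} hr"


def metrics_table(alert_at: datetime, detected_at: Optional[datetime],
                  resolved_at: Optional[datetime],
                  now: Optional[datetime] = None) -> list:
    """Return the metrics table as text rows, header first."""
    rows = ["Type | Case time | SLA time | Met SLA?"]
    for kind, when in (("TTD", detected_at), ("TTR", resolved_at)):
        m = case_metric(kind, alert_at, when, now)
        met = {True: "Yes", False: "No", None: "To be updated"}[m["met_sla"]]
        rows.append(f"{kind} | {fmt_duration(m['case_time'])} | "
                    f"{fmt_duration(m['sla_time'])} | {met}")
    return rows


# Constructed sample timeline (not from the page): the alert is raised at the
# case creation time in the activity log, triaged 38 minutes later, and the
# case is still open; SAMPLE_NOW is a clock reading after the TTR deadline.
ALERT_AT = datetime(2024, 6, 24, 16, 32)
DETECTED_AT = datetime(2024, 6, 24, 17, 10)
RESOLVED_AT = None
SAMPLE_RESOLVED_AT = datetime(2024, 6, 24, 19, 45)  # constructed resolution time
SAMPLE_NOW = datetime(2024, 6, 24, 21, 0)

if __name__ == "__main__":
    for line in metrics_table(ALERT_AT, DETECTED_AT, RESOLVED_AT, now=SAMPLE_NOW):
        print(line)
```

With `now` omitted, an open case simply reports "To be updated" for TTR; passing a current time lets a dashboard surface a breach before anyone closes the case, which is the moment a SOC lead actually wants to know about it.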

CrowdStrike detection received: View details below for further detection, behavior, and IP enrichment information.

Runbook


Initial detection and triage
- CrowdStrike Falcon alerts about a potential security incident
- Confirm the severity and priority level
- Gather basic information about the alert, including affected hosts, observed behaviors, and timestamps
- Verify whether the alert aligns with known threat intelligence or attack patterns

Incident notification and coordination
- Notify stakeholders, including the incident response team, SOC, and relevant IT personnel
- Establish clear lines of communication and assign roles to team members
- Create an incident ticket or record in your incident management system

Containment and isolation
- Identify affected hosts and isolate them from the network to prevent further compromise
- Engage CrowdStrike’s containment capabilities, if available, to isolate the affected hosts
- Consider applying network-based controls to block associated suspicious traffic
- Leverage CrowdStrike’s threat intel and community forums to gather additional information

Response and mitigation
- Based on the findings, develop a mitigation plan to address the incident effectively
- Apply necessary patches, updates, or configurations to address any vulnerabilities found
- Identify compromised user accounts, credentials, or access rights, and revoke or reset them as appropriate
- Implement necessary changes to security policies, configurations, or access controls to prevent similar incidents in future
Priority: Medium
Tags: CrowdStrike
Actions:
- Isolate hosts
- Lock user account
Linked cases

Metadata
Field      | Value
Impact     | Medium
Resolution | In progress

Closure comments

Case requirements:
- User assigned
- Case metadata completed

Investigate, remediate, and report on an incident in a collaborative workspace with Tines’ powerful, intuitive case management.

Records

Capture data across workflows to report on this in a consistent, structured format.

Dashboards

Monitor and report on workflow performance with cases and records in one location.

Better automations, fewer cases, faster incident response

Bring humans into the loop when it matters for your business while workflows run to capture the rest. Cases make it easy to work on incident response and create an audit trail of the resolution.

Reduce friction without compromising on your technology

Automation often involves other teams – DevOps, IT, HROps – who work in other systems. Effectively collaborate across those systems and teams using cases.