▲ 4 r/crowdstrike
Workflow test
Hi all community members. I made a Fusion workflow to kill a process with a DNS request to a malicious domain (Tactic & technique: Falcon Intel via Intelligence Indicator - Domain). It looks like:
EPP Detection -> TRUE
IF
  Tactic = Falcon Intel and Domain and Technique = Intelligence Indicator - Domain -> TRUE
    Kill Process
      Device ID = Sensor host ID
      Process ID = OS Process ID
    AND
    Send Email
==============================
Has anyone created such workflows, considering that Falcon only detects such alerts but doesn't block them? Maybe CrowdStrike has a test domain for testing such rules?
u/EastBat2857 — 7 hours ago