▲ 10 r/crowdstrike
Can CrowdStrike SOAR be used for historical host detection lookup?
Hi everyone,
Can this be done using CrowdStrike SOAR or a similar platform?
The requirement is:
When a host gets a High or Critical detection, automatically look back at that host’s previous High/Critical detections and show:
- Detection time
- Detection type
- Severity
- Repeat occurrences/history
The main goal is to give analysts quick historical context during investigation.
Has anyone implemented this in CrowdStrike SOAR, SIEM, or XDR workflows? Would appreciate recommended approaches or playbook ideas.
u/StructureNo9257 — 5 days ago
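One way to build the lookup step, as an added example that is not from the original post or from CrowdStrike: the pure logic of the enrichment action that a SOAR playbook (or a script hooked to a detection webhook) would run after fetching the host's detections. The record shape (`device.device_id`, `max_severity_displayname`, `first_behavior`, `behaviors[].tactic` / `technique`) mirrors Falcon detection summaries but is an assumption here, as is the FQL field naming in `build_fql_filter`; the sample detections are constructed so the script runs offline.

```python
"""
Added example (not the original poster's code, nor CrowdStrike's): the
"prior High/Critical detections on this host" enrichment step as plain
Python. Field names below are ASSUMED to match Falcon detection summaries;
check them against your own API responses before wiring this into a playbook.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

SEVERITIES_OF_INTEREST = ("High", "Critical")


def _parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps the detection records carry."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def build_fql_filter(device_id: str, lookback_days: int, now: datetime) -> str:
    """FQL for 'this host, High/Critical only, inside the lookback window'.
    Assumed field names; pass the string as the `filter` parameter of the
    detection/alert search endpoint you use."""
    since = (now - timedelta(days=lookback_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    sev = "[" + ",".join(f"'{s}'" for s in SEVERITIES_OF_INTEREST) + "]"
    return (f"device.device_id:'{device_id}'"
            f"+max_severity_displayname:{sev}"
            f"+first_behavior:>='{since}'")


def detection_type(det: dict) -> str:
    """Collapse a detection's behaviors to one 'tactic / technique' label,
    falling back to the scenario, then to 'unknown', when fields are missing."""
    labels = []
    for b in det.get("behaviors", []):
        tactic, technique = b.get("tactic"), b.get("technique")
        label = f"{tactic} / {technique}" if tactic and technique else b.get("scenario")
        if label and label not in labels:
            labels.append(label)
    return "; ".join(labels) if labels else "unknown"


def summarize_history(trigger: dict, detections: list, now: datetime,
                      lookback_days: int = 90) -> dict:
    """Return the host's earlier High/Critical detections plus repeat counts.
    The same filtering is applied client-side so the result stays correct even
    if the API-side filter was looser than intended."""
    device_id = trigger["device"]["device_id"]
    since = now - timedelta(days=lookback_days)
    history = []
    for det in detections:
        if det["detection_id"] == trigger["detection_id"]:
            continue                                    # skip the triggering detection itself
        if det.get("device", {}).get("device_id") != device_id:
            continue                                    # other hosts are noise here
        if det.get("max_severity_displayname") not in SEVERITIES_OF_INTEREST:
            continue                                    # drop Medium/Low/Informational
        seen = _parse_ts(det["first_behavior"])
        if seen < since or seen > now:
            continue                                    # outside the lookback window
        history.append({"time": seen, "type": detection_type(det),
                        "severity": det["max_severity_displayname"],
                        "detection_id": det["detection_id"]})
    history.sort(key=lambda h: h["time"], reverse=True)  # newest first for the analyst
    repeats = Counter(h["type"] for h in history)
    trigger_type = detection_type(trigger)
    return {"device_id": device_id, "history": history, "repeats": repeats,
            "trigger_type": trigger_type,
            "seen_before": repeats.get(trigger_type, 0)}  # same type already on this host?


def render_note(summary: dict) -> str:
    """Plain-text block to attach to the detection or ticket for the analyst."""
    lines = [f"Prior High/Critical detections on {summary['device_id']}: {len(summary['history'])}",
             f"Triggering type '{summary['trigger_type']}' seen {summary['seen_before']} time(s) before"]
    for h in summary["history"]:
        lines.append(f"  {h['time']:%Y-%m-%d %H:%M}Z  {h['severity']:<8} {h['type']}  ({h['detection_id']})")
    for det_type, n in summary["repeats"].most_common():
        if n > 1:
            lines.append(f"  repeat: {det_type} x{n}")
    return "\n".join(lines)


# ---- constructed sample data (not real detections) --------------------------
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)


def _det(det_id, device_id, severity, days_ago, tactic, technique):
    return {"detection_id": det_id, "device": {"device_id": device_id},
            "max_severity_displayname": severity,
            "first_behavior": (NOW - timedelta(days=days_ago)).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "behaviors": [{"tactic": tactic, "technique": technique}]}


TRIGGER = _det("ldt:hostA:1", "hostA", "Critical", 0, "Credential Access", "OS Credential Dumping")
SAMPLE_DETECTIONS = [
    TRIGGER,
    _det("ldt:hostA:2", "hostA", "High", 10, "Credential Access", "OS Credential Dumping"),
    _det("ldt:hostA:3", "hostA", "High", 20, "Execution", "PowerShell"),
    _det("ldt:hostA:4", "hostA", "Critical", 40, "Credential Access", "OS Credential Dumping"),
    _det("ldt:hostA:5", "hostA", "Medium", 5, "Discovery", "System Information Discovery"),  # severity too low
    _det("ldt:hostA:6", "hostA", "High", 120, "Execution", "PowerShell"),                   # outside 90 days
    _det("ldt:hostB:1", "hostB", "High", 3, "Execution", "PowerShell"),                     # different host
]

if __name__ == "__main__":
    print(build_fql_filter("hostA", 90, NOW))
    print(render_note(summarize_history(TRIGGER, SAMPLE_DETECTIONS, NOW)))
```

In a playbook the flow is: trigger on the new High/Critical detection, call the search endpoint with `build_fql_filter(...)`, fetch the matching detection summaries, then run `summarize_history` and post `render_note(...)` as a comment on the detection or ticket. Keeping the client-side filter (host, severity, window, and excluding the triggering detection itself) is deliberate: it makes the step safe against a mistyped FQL filter, and the `seen_before` count is the single number an analyst usually wants first.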