Commit

Update README.md
Xorlent authored Dec 20, 2023
1 parent f9b8283 commit 35df535
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions README.md
Expand Up @@ -6,11 +6,12 @@ CrowdStrike Falcon® Contain GUI for more powerful and rapid host containment
Falcon®'s host contain action is powerful, but very limited within the Falcon® console. This tool utilizes the CrowdStrike API to issue host containment actions based on hostname wildcards, IP ranges, defined host groups in Falcon®, or user-specified agent IDs (AID). This tool can be useful for security operations teams needing to quickly contain groups of machines to prevent widespread infection and/or encryption of systems.

## Requirements
1. CrowdStrike Falcon® API Client ID and Secret with query and contain/uncontain rights (Scope: hosts, read + write)
2. The Falcon® API endpoint URL for your tenant
3. A GUI (non-Server Core) Windows install that can run PowerShell. No additional PowerShell modules or libraries are required.
4. FalconContain.ps1 from this repository
5. Familiarity with the Falcon® Query Lancuage (FQL) if you intend to contain/uncontain hosts in this manner
1. CrowdStrike Falcon® API Client ID and Secret with query and contain/uncontain rights
- Scope: Hosts, Rights: read + write
3. The Falcon® API endpoint URL for your tenant
4. A GUI (non-Server Core) Windows install that can run PowerShell. No additional PowerShell modules or libraries are required.
5. FalconContain.ps1 from this repository
6. Familiarity with the Falcon® Query Lancuage (FQL) if you intend to contain/uncontain hosts in this manner

### List of Falcon® API endpoints as of May 2023
- **US-1:** api.crowdstrike.com (default)
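Review bot: The new Requirements list jumps from "1." straight to "3." and ends at "6." for five items, and the "- Scope: Hosts, Rights: read + write" line is shown without indentation, so as written it is a separate top-level bullet that ends the ordered list rather than a sub-item of requirement 1. Indent the Scope bullet under item 1 and renumber the remaining items 2 through 5 so the list does not depend on the renderer. Splitting the scope onto its own line is a good change, because it makes the minimum API rights (Hosts: read + write) easy to check when the client is created; consider also stating that no other scopes are needed, so operators do not over-provision a credential that can contain hosts in bulk. The typo "Lancuage" in the FQL item is carried over unchanged from the old line and should read "Language".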
