forked from splunk/security_content
CrowdStrike_OAuth_API_File_Eviction.yml
name: CrowdStrike OAuth API File Eviction
id: 4750935c-0105-416f-aca4-0d7a4207666d
version: 1
date: '2025-06-09'
author: Christian Cloutier, Splunk
type: Response
description: "Accepts a hostname or device id as well as a file path as input and deletes the file from a device in Crowdstrike. We then generate an observable report as well as a Markdown formatted report. Both reports can be customized based on user preference."
playbook: CrowdStrike_OAuth_API_File_Eviction
how_to_implement: This input playbook requires the CrowdStrike OAuth API connector to be configured. It is designed to work with an endpoint hostname or device id and delete a specific file from the endpoint (using an absolute path) for use in automation playbooks.
references: []
app_list:
  - CrowdStrike OAuth API
tags:
  platform_tags:
    - "host name"
    - "device id"
    - "path"
    - "File Eviction"
    - "D3-FEV"
    - "CrowdStrike_OAuth_API"
  playbook_type: Input
  vpe_type: Modern
  playbook_fields: [device,path]
  product:
    - Splunk SOAR
  use_cases:
    - Response
    - Malware
    - Endpoint
  defend_technique_id:
    - D3-FEV