Set up the Endpoint Detection playbook

  • Release version: Australia
  • Updated: March 12, 2026
  • Time to complete: 1 minute

  Use the following steps to set up the Endpoint Detection playbook.

    Before you begin

    Role required:
    • sn_si.admin
    • flow_designer

    Make sure you have installed Security Operations Spoke (sn_sec_spoke).

    Procedure

    1. Log in as a user with the sn_si.user and flow_designer roles.
    2. Navigate to All > Flow Designer and select the Endpoint Detection playbook.
    3. Optional: Create a copy of the Endpoint Detection playbook flow and make the necessary modifications.
      To create a copy of the playbook's flow, click the More actions menu icon and select Copy flow. Perform this step only if you plan to customize the flow or make specific changes to it.
      Figure 1. Endpoint Detection playbook (overview of the Endpoint Detection playbook)
    4. Activate the playbooks.
      • Activate the main flow to use the playbook available in the base system.
      • Activate the copied flows after making the required changes.
    5. Set a Trigger Condition for the playbook.
      This playbook is triggered, and associated with the security incident, when both of the following conditions are met:
      • Category is Malicious code activity.
      • Short description is CrowdStrike Detection Alerts.

      Figure: Trigger condition for the Endpoint Detection playbook.