Trigger a CrowdStrike Falcon Insight profile manually from a security incident

릴리스 버전: Australia

업데이트 날짜 2026년 03월 12일

소요 시간: 3분

Trigger a profile manually after you review a security incident.

시작하기 전에

Role required: admin

이 태스크 정보

Once you activate the profile, based on the configured trigger conditions, you can view the query results in the ServiceNow AI Platform security incidents. CrowdStrike Falcon Insight also enables you to run individual capabilities on Configuration Items (CIs) without using a profile.

프로시저

Navigate to All > Security Incidents > Show All Incidents.
Select the security incident that you want to review with the CrowdStrike Falcon Insight information.
In the related lists section, select Run EDR Profile(s).
Browse and select a profile from the list of available profiles.
Select Include Related CI to run this profile on all the related CIs of the profile.
For example, if there are five CIs associated with the security incident, then the selected profile runs on all the five CIs.
Click Submit.
The selected profile is triggered manually. You can review the work notes and activities section and the profile-initiated and profile-completed tags in the work notes section.
The results appear in the form of related lists such as Get File, Host Details, Logged on Users, Running Processes, Running Services, Network Statistics, and so on.
To run individual capabilities on a CI, perform the following steps:
1. In the Configuration Items related list, select the required CI.
2. Click the Actions on selected rows... drop-down list, and select the required capability that you want to run for the selected CI.
  For example, Isolate Host.
3. Look up the required capability implementation for the CI using the search option, and select CrowdStrike Falcon Insight Isolate Host.
4. Click Isolate Host to run it on the selected CI.

Trigger profile manually

Australia Security Management

Trigger a CrowdStrike Falcon Insight profile manually from a security incident

시작하기 전에

이 태스크 정보

프로시저