Blink Automation: Isolate or Unisolate Device on CrowdStrike

EXPLORE BY SECURITY

EXPLORE BY INFRASTRUCTURE

EXPLORE BY LICENSE

Basic

Featured

EXPLORE BY VENDOR

Adobe Cloud

Anodot

Apex One

Asana

auth0

Authomize

AWS

AWS SSO

Azure

Azure Active Directory

Azure DevOps

Azure Log Analytics

BambooHR

BigPanda

Bitbucket

Bitsight

Black Kite

Blink

Box

Cato Networks

Check Point Harmony

Check Point Management

Cloudflare

Compass

Confluence

Coralogix

Cortex XDR

CrowdStrike

Datadog

DataSet

Discord

Domo

Drata

Dropbox

Duo

Dynatrace

Elasticsearch

Email

Ermetic

Exchange Online

F5 BIG IP

Falcon Surface

Forcepoint DLP

FortiGate

Freshservice

GCP

Git

GitHub

GitLab

Gmail

Google Chat

Google Docs

Google Drive

Google Looker

Google Sheets

Google Workspace

Grafana

HiBob

HubSpot

Hybrid Analysis

Imperva

Intercom

IPinfo

Ironscales

Ivanti RiskSense

Jamf

JetBrains

JFrog

Jira

Joe Sandbox

JumpCloud

Kandji

KnowBe4

Kubernetes

LaunchDarkly

Linear

Litmos

LogicMonitor

Microsoft Defender For Cloud

Microsoft Defender For Cloud Apps

Microsoft Defender For Endpoints

Microsoft Intune

Microsoft Outlook

Microsoft Sentinel

Microsoft Teams

Monday

MongoDB Atlas

New Relic

Notion

Okta

OneDrive

OpenAI

Opsgenie

OPSWAT

Oracle Cloud

Orca Security

OWASP ZAP

PagerDuty

Palo Alto Firewall

Panther

Perception Point

Pingdom

Postman

Postman SCIM

Prisma Cloud CSPM

Prisma Cloud CWP

Prometheus

Proofpoint

QRadar

Qualys

Rapid7

Reco

Recorded Future

Rippling

SailPoint

Salesforce

SentinelOne

Sentra

ServiceNow

SharePoint

Shodan

Shopify

Silverfort

Slack

Snipe-IT

Snyk

SolarWinds Service Desk

SonarQube

Split

Splunk

Sumo Logic

Symantec EDR

Tanium

TeamCity

TeamViewer

Telegram

Tenable

Terraform

Terraform Cloud

Trello

Veracode

VirusTotal

VMware vSphere

WhatsApp

Wiz

Workspace ONE UEM

YesWeHack

Zendesk

Zoom

Zscaler Internet Access

Zscaler Private Access

Security3,745 Automations

Cloud Security

+ 27

347

Email Security

+ 5

115

SOC & Incident Response

+ 15

300

Data Security

+ 16

245

SaaS Security

+ 12

168

Compliance & Governance

+ 15

1213

Endpoint Security

+ 17

456

Network Security

+ 9

245

Threat Hunting

+ 22

469

Identity & Access

+ 18

305

Vulnerability Management

+ 4

170

HR Security

+ 14

181

Credential Security

2

Code Security

38

Utilities

+ 21

540

Infrastructure4,323 Automations

Resource Creation

+ 6

459

Network Management

1022

Identity Access Management

+ 9

583

CI/CD

+ 2

388

Storage Management

+ 6

1129

Developer Platform

+ 27

778

Cost Optimization

+ 5

169

Compute Management

+ 1

1016

Backup & Migration

2

Kubernetes Management

+ 3

346

Observability & Monitoring

+ 16

1574

Incident Response

+ 13

388

No-code automation for CloudOps
Purpose-built for DevOps and SecOps

Follow us on

ResourcesDocumentation How-to guides

CompanyAbout us Careers Blog Contact us

LegalPrivacy policy Terms of service

© 2022 Blink. All rights reserved.

Isolate or Unisolate Device on CrowdStrike

Isolate or Unisolate Device on CrowdStrike

Isolates or Unisolates the specific device with a CrowdStrike action. Fast and easy response for a suspicious device. All the related measures are taken: Notify the owner and update the ticket in ServiceNow. It sends a Slack message to the owner of the device that the action has been performed and updates an incident ticket in ServiceNow. All you need is the device’s ID and the device’s owner's email. For unisolate, you’ll also need the ticket ID( ”sys_id” ) of the previously opened ticket in ServiceNow.

Breakdown

Create ticket descriptions for ServiceNow.
If action type is Isolate Device- Isolate the device and create ticket in ServiceNow.
If the action type is not Isolate Device, lift device isolation and close the existing ticket in ServiceNow.
Notify the device owner via Slack.

TRIGGER: On-Demand

action_type

device

owner_email

ticket_id

Steps

1

Ticket description for the isolated action

2

Reason to close ServiceNow ticket after unisolating the device

3

If Action Type is Isolate Device

4

Isolate devices

5

Create record

6

Else(S3 | if

{{inputs.action_type}}

action_type

EqualsIsolate Device)is false

7

Lift device isolation

8

Close existing incident

Notify the device's owner about the performed action

9

Send Message To Owner's Email

End

OUTPUTS

No outputs