Merge pull request #2006 from SEKOIA-IO/doc/cwd-actions

Add doc for Crowdstrike actions: isolate, deisolate
SEKOIA-IO · Sep 17, 2024 · 5ba0069 · 5ba0069
2 parents ca4fa45 + 9518dcb
commit 5ba0069
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/docs/integration/action_library/endpoint/crowdstrike-falcon.md b/docs/integration/action_library/endpoint/crowdstrike-falcon.md
@@ -40,6 +40,26 @@ Block the provided IOC
 | `value` | `string` | The value of the IOC to block |
 | `type` | `string` | Type of the IOC to block: md5, sha256 |
 
+### Deisolate hosts
+
+Deisolate the provided hosts by their agent IDs
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `id` | `array` | The list of identifiers of agents to deisolate |
+
+### Isolate hosts
+
+Isolate the provided hosts by their agent IDs
+
+**Arguments**
+
+| Name      |  Type   |  Description  |
+| --------- | ------- | --------------------------- |
+| `id` | `array` | The list of identifiers of agents to isolate |
+
 ### Monitor IOC
 
 Enable detection for the provided IOC