From 9518dcbd966be129cf91645de1fd39e60d34cad9 Mon Sep 17 00:00:00 2001 From: Charles Ngor Date: Mon, 16 Sep 2024 17:38:47 +0200 Subject: [PATCH] Add doc for Crowdstrike actions: isolate, deisolate --- .../endpoint/crowdstrike-falcon.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/integration/action_library/endpoint/crowdstrike-falcon.md b/docs/integration/action_library/endpoint/crowdstrike-falcon.md index cc55cfb47c..d791a8c582 100644 --- a/docs/integration/action_library/endpoint/crowdstrike-falcon.md +++ b/docs/integration/action_library/endpoint/crowdstrike-falcon.md @@ -40,6 +40,26 @@ Block the provided IOC | `value` | `string` | The value of the IOC to block | | `type` | `string` | Type of the IOC to block: md5, sha256 | +### Deisolate hosts + +Deisolate the provided hosts by their agent IDs + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `id` | `array` | The list of identifiers of agents to deisolate | + +### Isolate hosts + +Isolate the provided hosts by their agent IDs + +**Arguments** + +| Name | Type | Description | +| --------- | ------- | --------------------------- | +| `id` | `array` | The list of identifiers of agents to isolate | + ### Monitor IOC Enable detection for the provided IOC
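Review bot: In both new Arguments tables the `id` row is typed `array` with no element type, and the singular name sits oddly next to "The list of identifiers of agents"; state the element type in the Type column if the docs format allows it, and say in the Description which identifier is expected, since "agent IDs" is not defined anywhere in the lines shown. The two one-line summaries ("Isolate the provided hosts by their agent IDs" / "Deisolate the provided hosts by their agent IDs") also do not say what isolation does to a host or that Deisolate reverses Isolate. These are disruptive response actions that someone will wire into a playbook, so a sentence on the effect, and on what happens when one ID in the list is invalid or already in the requested state, would help. Minor: the separator rows (`| --------- | ------- | --------------------------- |`) are shorter than the description cells, so the tables are misaligned in the raw Markdown; this is cosmetic and only worth fixing if the rest of the file keeps its tables aligned.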