Skip to content

bk-cs/rtr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

268 Commits
add_sensortag
add_sensortag
 
 
disable_service
disable_service
 
 
find_file
find_file
 
 
get_baseboard
get_baseboard
 
 
get_bios
get_bios
 
 
get_current_user
get_current_user
 
 
get_fileinfo
get_fileinfo
 
 
get_geolocation
get_geolocation
 
 
get_last_boot
get_last_boot
 
 
get_processor
get_processor
 
 
get_sensortag
get_sensortag
 
 
get_service
get_service
 
 
get_temp_file
get_temp_file
 
 
get_tpm
get_tpm
 
 
get_windows_key
get_windows_key
 
 
list_application
list_application
 
 
list_arp
list_arp
 
 
list_avproduct
list_avproduct
 
 
list_bitlocker_volume
list_bitlocker_volume
 
 
list_browser_extension
list_browser_extension
 
 
list_browser_history
list_browser_history
 
 
list_eventlog
list_eventlog
 
 
list_eventsource
list_eventsource
 
 
list_firewall_profile
list_firewall_profile
 
 
list_firewall_rule
list_firewall_rule
 
 
list_local_admin
list_local_admin
 
 
list_local_share
list_local_share
 
 
list_local_user
list_local_user
 
 
list_monitor
list_monitor
 
 
list_network_adapter
list_network_adapter
 
 
list_network_port
list_network_port
 
 
list_network_profile
list_network_profile
 
 
list_network_route
list_network_route
 
 
list_powershell_env
list_powershell_env
 
 
list_prefetch
list_prefetch
 
 
list_printer
list_printer
 
 
list_process
list_process
 
 
list_remote_share
list_remote_share
 
 
list_scheduled_task
list_scheduled_task
 
 
list_service
list_service
 
 
list_user_profile
list_user_profile
 
 
list_volume
list_volume
 
 
remove_sensortag
remove_sensortag
 
 
run_cli_tool
run_cli_tool
 
 
send_log
send_log
 
 
send_message
send_message
 
 
set_local_password
set_local_password
 
 
test_tcp_connection
test_tcp_connection
 
 
uninstall_app
uninstall_app
 
 
README.md
README.md
 
 

Repository files navigation

bk-cs/rtr

Scripts and schema for use with CrowdStrike Falcon Real-time Response and Falcon Fusion Workflows.

[ US-1 | US-2 | US-GOV-1 | EU-1 ]

NOTE: If you enter your Humio Cloud and Token values inside of the $Humio value at the beginning of each script, the results from the script will be output to Real-time Response and also sent to your Humio repository.

$Humio = @{ Cloud = 'https://cloud.community.humio.com'; Token = '<my_ingest_token_guid>' }

About

Real-time Response scripts and schema

Resources

Readme
Activity

Stars

106 stars

Watchers

17 watching

Forks

24 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages