Pulls a list of new CrowdStrike Detections, flags them as in progress in CrowdStrike, and gets the detection details for each one. The individual behaviors of each detection are examined, and the process hash is checked in VirusTotal to see whether it is known to be malicious. Where a behavior includes an IOC, that IOC is also checked in VirusTotal. A Jira ticket is created for each Detection, and a message is sent to a Microsoft Teams channel.
How it works
Import this story to your tenant, from where you can adapt it to meet your unique needs.