How to automate workflows with Falcon Fusion and Real Time Response

March 25, 2022

CrowdStrike Tech Center

Introduction

Security teams today are often overwhelmed by the number of security-related tasks required to protect their environment. One way to alleviate this is to increase the level of automation provided by their security tools.

CrowdStrike’s Falcon Fusion builds workflows that automate the actions taken when specified conditions are met. In addition to performing built-in actions, Falcon Fusion can also leverage customized scripts to execute almost any action on the endpoint.

The ability to customize the optional input and output parameters gives us a lot of flexibility within the script to capture the specific data to be used in the workflow.

Here is an example script. We can see that this script is expecting a file_path input property which can be captured by the input schema.

[Image: Fusion script]

To capture the input, we’ll go to the input schema tab, where we can use JSON Schema to define our properties.

To simplify its creation, Falcon also provides the ability to enter a JSON string and convert it to a formatted JSON schema.

[Image: Convert JSON to JSON schema]
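To make the input-schema step concrete, the following Python example (added here, not CrowdStrike's code and not a description of how Falcon's converter works) derives a schema from a constructed sample JSON string containing `file_path` and then checks candidate inputs against it. The helper names, the sample path, and the choice to mark every sampled key as required and to reject unknown keys are assumptions of this example.

```python
import json

# Constructed sample of the JSON a workflow would hand to the script.
SAMPLE_INPUT = r'{"file_path": "C:\\Temp\\report.docx"}'

# bool precedes int because True is also an instance of int in Python.
_SCALARS = [(bool, "boolean"), (int, "integer"), (float, "number"), (str, "string")]

def type_name(value):
    """JSON Schema type name for a value produced by json.loads."""
    if isinstance(value, dict):
        return "object"
    if isinstance(value, list):
        return "array"
    if value is None:
        return "null"
    return next(name for t, name in _SCALARS if isinstance(value, t))

def infer_schema(sample):
    """Build a schema from one sample value (hypothetical helper)."""
    schema = {"type": type_name(sample)}
    if isinstance(sample, dict):
        schema["properties"] = {k: infer_schema(v) for k, v in sample.items()}
        schema["required"] = sorted(sample)       # assumption: all keys mandatory
        schema["additionalProperties"] = False    # assumption: reject unknown keys
    elif isinstance(sample, list) and sample:
        schema["items"] = infer_schema(sample[0])
    return schema

def violations(value, schema, path="$"):
    """Reasons value fails schema; handles only the keywords infer_schema emits."""
    if type_name(value) != schema["type"]:
        return [f"{path}: expected {schema['type']}, got {type_name(value)}"]
    found = []
    if isinstance(value, dict):
        props = schema.get("properties", {})
        found += [f"{path}.{k}: missing" for k in schema.get("required", []) if k not in value]
        for key, item in value.items():
            if key in props:
                found += violations(item, props[key], f"{path}.{key}")
            elif schema.get("additionalProperties") is False:
                found.append(f"{path}.{key}: unexpected property")
    elif isinstance(value, list) and "items" in schema:
        for i, item in enumerate(value):
            found += violations(item, schema["items"], f"{path}[{i}]")
    return found

INPUT_SCHEMA = infer_schema(json.loads(SAMPLE_INPUT))
```

Rejecting wrongly typed or unexpected properties before the script touches the file path keeps a malformed workflow input from reaching the endpoint action.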

When creating a workflow, you can now use the Real Time Response scripts that you have created.

[Image: Fusion workflow with a script]

After creating a script with an output schema, we can now choose one of the parameters as a condition for actions further down in the workflow.

[Image: Fusion workflow with an output]

Conclusion

Real Time Response with Falcon Fusion provides highly customizable workflows that can use scripts to capture inputs from other workflow stages and provide outputs that further refine the conditions under which actions are performed.

This capability helps automate security tasks, reducing the burden on security teams and helping prevent breaches.
