Process and File Remediation with Real Time Response

Introduction

CrowdStrike goes beyond traditional endpoint protection by providing extensive visibility and remediation capabilities across multiple platforms, such as Windows, MacOS, and Linux. CrowdStrike Real Time Response provides a robust remote access tool that can remediate almost all types of malicious activity performed by an adversary. 

Video

Stop processes

Real time response provides a list of commands that we can execute as well as the ability to run customized scripts. Accessed directly from the CrowdStrike Falcon console, it is easy to connect to a host directly and repair any damage with a comprehensive list of commands.

Crowdstrike RTR Command List

We can easily view running processes and kill any malicious process. This allows the analyst to stop processes that may be currently spreading throughout the environment.

RTR Kill Process

In conjunction with the ability to kill a process, we can also remove files and directories from the file system.

RTR Remove File

Conclusion

Here we took a look at just a sliver of what Real Time Response is capable of, but even so, we can see that it’s extremely powerful, flexible, and easy to use. It allows responders to rapidly investigate incidents and remediate any issues identified and is available for Windows, MacOS, and Linux.

More resources

 

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial