Video On Demand
Hitting the Easy Button: Remediating Malware at Scale via Falcon’s Real Time Response API
Ryan Campbell
Runtime: 38:49
This talk demonstrates how to use Falcon's Real Time Response (RTR) API to remotely remediate infected systems at scale. Responding to incidents and remediating dozens or hundreds of hosts individually is not practical or cost-effective for widespread infections. By leveraging the RTR API and scripting in Python and PowerShell, the Falcon Complete team has developed a methodology that offers an alternative to manual remediation and system rebuilds and addresses their limitations. This talk covers the latest TrickBot variant as a case study and outlines how Falcon Complete automates the identification and remediation of high volumes of infected hosts.
