Hitting the Easy Button: Remediating Malware at Scale via Falcon’s Real Time Response API
Ryan Campbell
Runtime: 38:49
This talk demonstrates how to utilize Falcon's Real Time Response (RTR) API to remotely remediate infected systems at scale. Responding to incidents and remediating dozens or hundreds of hosts individually is not practical or cost-effective for widespread infections. By leveraging the power of the RTR API, and scripting via Python and PowerShell, the Falcon Complete team has developed a methodology that provides an alternative to address the limitations of manual remediation and system rebuilds. This talk covers the latest TrickBot variant as a case study and outlines how Falcon Complete automates the identification and remediation of high volumes of infected hosts.