= CrowdStrike – Steps to Quarantine an Infected Host =

== Purpose ==
To quarantine (network contain) an infected host using the CrowdStrike Admin Console and to lift the containment after remediation.

== Prerequisites ==
* Access to the CrowdStrike Admin Console
* Hostname of the infected system

== Steps to Quarantine an Infected Host ==

=== Step 1: Login ===
* Log in to the CrowdStrike Admin Console.

=== Step 2: Identify the Host ===
* Navigate to: Host Setup and Management → Host Management
* Identify the infected host using its hostname.

(Note: For this document, an R&D host is used.)

=== Step 3: Filter Host by Hostname ===
* Click on "Add filters"
* Search for and select "Hostname"
* Select "Equals"
* Enter the <hostname> of the machine to be quarantined
* Select the <host>
* Click "Apply"

=== Step 4: Network Contain the Host ===
* Click on the identified host
* A details panel will open on the right side
* Click on "Actions"
* Select "Network Contain Host"

=== Step 5: Pre-Containment Check ===
* Verify network connectivity before containment
* Ping the host IP
* The ping should be successful

=== Step 6: Confirm Containment ===
* A confirmation pop-up will appear
* Enter the reason for containment
* Confirm the containment action

=== Step 7: Containment Status ===
* Initial status: Containment Pending
* Final status: Contained
* Result:
** The system is successfully contained and all network communication is blocked.

== Steps to Lift Network Containment ==

=== Step 1: Select Host ===
* Click on the <contained host>
* Click on "Actions"

=== Step 2: Lift Containment ===
* Select "Lift Network Containment"
* Enter the reason for lifting containment
* Click "Lift Containment"
* Confirm the action

=== Step 3: Status After Lift ===
* Network Containment status changes to Normal
* Host regains normal network communication
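The same contain / lift workflow driven through the Falcon API rather than the console, as an added example that is not part of this page or of CrowdStrike's own tooling: it resolves the hostname the way the Hostname "Equals" filter does (Step 3), issues the action, and polls until the status settles on Contained or Normal (Step 7 and Lift Step 3). The API paths, the status strings and the injected <code>request</code> callable are assumptions to verify against your cloud's API reference; the fake transport, hostname and agent id are constructed so the code runs offline.

```python
import re
import time

# Assumed API paths and status values; request(method, path, params=None, json=None) returns
# parsed JSON and is injected, so the code runs against a real session or the fake below.
PENDING = {"contain": "containment_pending", "lift_containment": "lift_containment_pending"}
TARGET = {"contain": "contained", "lift_containment": "normal"}
PRIOR = {"contain": "normal", "lift_containment": "contained"}   # state before the action

def hostname_filter(hostname: str) -> str:
    """FQL form of the console's Hostname -> Equals filter (Step 3); hostname characters only."""
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,253}", hostname):
        raise ValueError(f"refusing to build a filter from {hostname!r}")
    return f"hostname:'{hostname}'"

def device_id(request, hostname: str) -> str:
    """Resolve the hostname to exactly one agent id; 0 or >1 matches is an error, not a guess."""
    ids = request("GET", "/devices/queries/devices/v1",
                  params={"filter": hostname_filter(hostname)})["resources"]
    if len(ids) != 1:
        raise LookupError(f"{len(ids)} hosts match {hostname!r}, expected exactly one")
    return ids[0]

def run_action(request, aid: str, action: str, timeout: float = 120.0, poll: float = 5.0) -> str:
    """Issue contain / lift_containment, then poll the status until it settles (Step 7)."""
    request("POST", "/devices/entities/devices-actions/v2",
            params={"action_name": action}, json={"ids": [aid]})
    deadline = time.monotonic() + timeout
    while True:
        status = request("POST", "/devices/entities/devices/v2",
                         json={"ids": [aid]})["resources"][0]["status"]
        if status == TARGET[action]:
            return status
        if status not in (PRIOR[action], PENDING[action]) or time.monotonic() > deadline:
            raise RuntimeError(f"{action} on {aid} stalled, status={status!r}")
        time.sleep(poll)

def fake_request(hostname: str, aid: str):
    """Constructed offline stand-in: one host whose pending status resolves on the second poll."""
    st = {"act": None, "polls": 0}
    def request(method, path, params=None, json=None):
        if path.endswith("/queries/devices/v1"):
            return {"resources": [aid] if params["filter"] == hostname_filter(hostname) else []}
        if path.endswith("/devices-actions/v2"):
            st.update(act=params["action_name"], polls=0)
            return {"resources": [{"id": aid}]}
        st["polls"] += 1                                   # device details endpoint
        status = "normal" if not st["act"] else (PENDING if st["polls"] < 2 else TARGET)[st["act"]]
        return {"resources": [{"device_id": aid, "status": status}]}
    return request
```

The console's "reason" prompt (Step 6, Lift Step 2) has no counterpart in the action body shown here, so record it in your ticket; against a real tenant, wrap an authenticated HTTP session in the same <code>request</code> signature.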