chronicle · salvatoreasammito · Apr 22, 2026 · Apr 23, 2026 · Apr 23, 2026
@@ -0,0 +1,28 @@
+identifier: ea843f06-858d-44de-a1ac-936a2835f782
+is_enable: true
+version: 0.0
+name: CrowdStrike Falcon Enrichment
+description: This block enriches case entities using CrowdStrike Falcon host data.
+    It evaluates whether IP address or hostname entities are present, conditionally
+    retrieves host information from CrowdStrike Falcon, and returns the enrichment
+    results to the parent playbook for downstream decision\u2011making.
+debug_alert_identifier: null
+debug_base_alert_identifier: null
+is_debug_mode: false
+type: block
+template_name: null
+original_workflow_identifier: f1b7c3ff-c065-48a2-a7a3-36a64a7b2d06
+version_comment: null
+version_creator: null
+creator: d568db8f-d0ec-42fb-af6c-6d2d2906520c
+priority: 2
+category: 243
+is_automatic: false
+is_archived: false
+last_editor: null
+default_access_level: edit
+creation_source: ai_generated_from_alert
+simulation_clone: false
+permissions: []
+environments:
+- '*'
@@ -0,0 +1,8 @@
+type: block  # The content type playbook or block
+content_hub_display_name: 'CrowdStrike Falcon Enrichment' # The name that will appear in the Content Hub
+author: 'Accenture'  # Author name, appearing on the playbook / block card in the Content Hub
+contact_email: '' # In case support is needed, this email will be used by secops customers to open support queries (required for partner contributed content)
+tags: [ 'CrowdStrike', 'EDR Enrichment', 'Host Enrichment', 'Accenture'] # A list of tags that will be associated with the content in the Content Hub. - List of string value
+should_display_in_content_hub: true  # Defines whether this item should have its own card in the Content Hub. - Boolean value
+contribution_type: third_party # Options: google, partner, or third_party
+acknowledge_debug_data_included: true
@@ -0,0 +1 @@
+[]
@@ -0,0 +1,9 @@
+-   description: Initial release of CrowdStrike Falcon Enrichment playbook for enriching indicators with CrowdStrike Falcon data
+    integration_version: 1.0
+    item_name: CrowdStrike Falcon Enrichment
+    item_type: Block
+    publish_time: '2026-04-22'
+    new: true
+    regressive: false
+    deprecated: false
+    removed: false
@@ -0,0 +1,76 @@
+name: CrowdStrikeFalcon_Get Host Information
+description: This action retrieves host details from CrowdStrike using hostnames.
+identifier: 10af137c-db21-482e-b293-c35307d7e6af
+original_step_id: 969feb34-0b26-4d6b-8a0c-99fb8b83b964
+playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+parent_step_ids:
+- 17b75c57-7d8f-4612-8549-b7c99754601b
+parent_step_id: 17b75c57-7d8f-4612-8549-b7c99754601b
+instance_name: Enrich Host
+is_automatic: true
+is_skippable: false
+action_provider: Scripts
+start_loop_step_id: null
+parameters:
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: AssignedUsers
+    value: null
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: DynamicInjectionInstancePlaceholder
+    value: ''
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: FallbackIntegrationInstance
+    value: null
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: FetchInstanceByName
+    value: 'false'
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: HasApprovalLink
+    value: null
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: IntegrationInstance
+    value: 805ec514-3ef5-46c6-9b2b-059314f2fdd0
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: MessageToAssignee
+    value: null
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: PendingActionTimeout
+    value: null
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: RetryConfiguration
+    value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}'
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: ScriptName
+    value: CrowdStrikeFalcon_Get Host Information
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: ScriptParametersEntityFields
+    value: '{"Customer ID":"\n","Create Insight":true}'
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: SelectedScopeName
+    value: Entity Select Hosts.SelectedEntities
+-   step_id: 10af137c-db21-482e-b293-c35307d7e6af
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: UseEntitiesLoopScope
+    value: null
+action_name: CrowdStrikeFalcon_Get Host Information
+parallel_actions: []
+integration: CrowdStrikeFalcon
+parent_container_id: null
+is_touched_by_ai: false
+is_debug_mock_data: false
+step_debug_data: null
+auto_skip_on_failure: true
+previous_result_condition: '{"17b75c57-7d8f-4612-8549-b7c99754601b":"1"}'
+type: action
@@ -0,0 +1,76 @@
+name: CrowdStrikeFalcon_Get Host Information
+description: This action retrieves host details from CrowdStrike using IP addresses.
+identifier: d4418310-c3fb-448c-a01c-d7f37924281a
+original_step_id: 4cf17f0b-10fa-42f6-a9f3-b5c5a5d3b53c
+playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+parent_step_ids:
+- 1539101a-09a1-4c57-b9ee-9aa44afa289d
+parent_step_id: 1539101a-09a1-4c57-b9ee-9aa44afa289d
+instance_name: Enrich IP Address
+is_automatic: true
+is_skippable: false
+action_provider: Scripts
+start_loop_step_id: null
+parameters:
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: AssignedUsers
+    value: null
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: DynamicInjectionInstancePlaceholder
+    value: ''
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: FallbackIntegrationInstance
+    value: null
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: FetchInstanceByName
+    value: 'false'
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: HasApprovalLink
+    value: null
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: IntegrationInstance
+    value: 805ec514-3ef5-46c6-9b2b-059314f2fdd0
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: MessageToAssignee
+    value: null
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: PendingActionTimeout
+    value: null
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: RetryConfiguration
+    value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}'
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: ScriptName
+    value: CrowdStrikeFalcon_Get Host Information
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: ScriptParametersEntityFields
+    value: '{"Customer ID":"\n","Create Insight":true}'
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: SelectedScopeName
+    value: Entity Select IPs.SelectedEntities
+-   step_id: d4418310-c3fb-448c-a01c-d7f37924281a
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: UseEntitiesLoopScope
+    value: null
+action_name: CrowdStrikeFalcon_Get Host Information
+parallel_actions: []
+integration: CrowdStrikeFalcon
+parent_container_id: null
+is_touched_by_ai: false
+is_debug_mock_data: false
+step_debug_data: null
+auto_skip_on_failure: true
+previous_result_condition: '{"1539101a-09a1-4c57-b9ee-9aa44afa289d":"1"}'
+type: action
@@ -0,0 +1,82 @@
+name: Siemplify_Case Comment
+description: Add a comment to the case the current alert has been grouped to
+identifier: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+original_step_id: ed51a970-9056-4bd2-b18d-f3a3efbc3702
+playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+parent_step_ids:
+- ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68
+- 40e85cd1-d981-4cd7-8a62-1b9abd94f6f5
+- b07796b5-a620-42cd-8622-783415eb81ae
+parent_step_id: ad8f3858-56e3-4a0b-9ed3-9f8211ce7c68;40e85cd1-d981-4cd7-8a62-1b9abd94f6f5;b07796b5-a620-42cd-8622-783415eb81ae
+instance_name: Enriched Host & IP Result
+is_automatic: true
+is_skippable: false
+action_provider: Scripts
+start_loop_step_id: null
+parameters:
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: AssignedUsers
+    value: null
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: DistinctDuplicateEntities
+    value: null
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: DynamicInjectionInstancePlaceholder
+    value: ''
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: FallbackIntegrationInstance
+    value: null
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: FetchInstanceByName
+    value: 'false'
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: HasApprovalLink
+    value: null
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: IntegrationInstance
+    value: a4e2b09e-9972-4a54-b726-7fc459c31ba5
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: MessageToAssignee
+    value: null
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: PendingActionTimeout
+    value: null
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: RetryConfiguration
+    value: '{"Enabled":false,"IntervalInSeconds":30,"NumberOfRetries":1}'
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: ScriptName
+    value: Siemplify_Case Comment
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: ScriptParametersEntityFields
+    value: '{"Comment":"[Alert.host_result]\n\n[Alert.ip_result]\n"}'
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: SelectedScopeName
+    value: All entities
+-   step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: UseEntitiesLoopScope
+    value: null
+action_name: Siemplify_Case Comment
+parallel_actions: []
+integration: Siemplify
+parent_container_id: null
+is_touched_by_ai: false
+is_debug_mock_data: false
+step_debug_data: null
+auto_skip_on_failure: false
+previous_result_condition: '{}'
+type: action
@@ -0,0 +1,74 @@
+name: Condition
+description: This condition determines the progress of the playbook. Conditions are
+    built based on cases data (cases, alerts, vents, entities and environment properties)
+    as-well as data that comes back from previous playbook steps.
+identifier: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+original_step_id: 57f31a52-88bd-4e49-a697-2c8b82e90520
+playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+parent_step_ids:
+- f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+parent_step_id: f91c472f-2cfc-4c5d-a469-3708ff3c0f85
+instance_name: Enrichment Result
+is_automatic: true
+is_skippable: false
+action_provider: Flow
+start_loop_step_id: null
+parameters:
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: AssignedUsers
+    value: null
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: Branches
+    value: '[{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"no
+        enrichment","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"no
+        enrichment","CustomOperatorName":"Core Functions.Contains"}],"Order":1,"IsDefaultBranch":false,"Name":"IP
+        & Host Fail"},{"LogicalOperator":0,"Conditions":[],"Order":5,"IsDefaultBranch":true,"Name":"Branch"},{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"List
+        of IP","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"List
+        of Host","CustomOperatorName":"Core Functions.Contains"}],"Order":2,"IsDefaultBranch":false,"Name":"IP
+        & Host Success"},{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"List
+        of IP","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"no
+        enrichment","CustomOperatorName":"Core Functions.Contains"}],"Order":3,"IsDefaultBranch":false,"Name":"IP
+        Success"},{"LogicalOperator":0,"Conditions":[{"Operator":1,"FieldName":"[Alert.ip_result]","Type":7,"Value":"no
+        enrichment","CustomOperatorName":"Core Functions.Contains"},{"Operator":1,"FieldName":"[Alert.host_result]","Type":7,"Value":"List
+        of Host","CustomOperatorName":"Core Functions.Contains"}],"Order":4,"IsDefaultBranch":false,"Name":"Host
+        Success"}]'
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: DistinctDuplicateEntities
+    value: 'true'
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: ErrorFallbackBranch
+    value: null
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: HasApprovalLink
+    value: null
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: MessageToAssignee
+    value: null
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: PendingActionTimeout
+    value: null
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: SelectedScopeName
+    value: All entities
+-   step_id: fba4d15a-6764-40ae-90b0-93eeca82ef8d
+    playbook_id: ea843f06-858d-44de-a1ac-936a2835f782
+    name: UseEntitiesLoopScope
+    value: 'true'
+action_name: IfFlowCondition
+parallel_actions: []
+integration: Flow
+parent_container_id: null
+is_touched_by_ai: false
+is_debug_mock_data: false
+step_debug_data: null
+auto_skip_on_failure: false
+previous_result_condition: '{}'
+type: condition