CrowdStrike Falcon Automation PowerPack Automation Policies


This section describes the automation policies found in the CrowdStrike Falcon Automation PowerPack.

Standard Automation Policies

The CrowdStrike Falcon Automation PowerPack includes one standard automation policy that you can enable, shown in the following figure:

An image of the Editing PowerPack page.

This policy updates the SL1 event with the state of the associated CrowdStrike job. When a node is offline, a failure occurs, or a major event is detected in CrowdStrike, an SL1 event is created and the associated event is updated with any job details.

The following table shows the automation policy, its aligned events, and the automation action that runs in response to the events.

| Automation Policy Name | Aligned Events | Automation Action |
|---|---|---|
| Crowdstrike: Clear Detection ID | All Events | Run Integration Service Application [100] CrowdStrike: Clear Detection ID |