Perform Host Action
Perform various actions on the hosts in your environment.
Basic Parameters
| Parameter | Description |
|---|---|
| Action Name | Specify one of these actions: - contain - This action contains the host, which stops any network communications to locations other than the CrowdStrike cloud and IPs specified in your Containment Policy.- lift_containment - This action lifts containment on the host, which returns its network communications to normal.- hide_host - This action will delete a host. After the host is deleted, no new detections for that host will be reported via UI or APIs.- unhide_host - This action will restore a host. Detection reporting will resume after the host is restored. |
| Host IDs | A comma-separated list of host IDs to perform the action on. Can be obtained via the List Devices action. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Action Parameters | A comma-separated list of the parameters for the prospective action. Example value: {"name": "name1", "value": "value1"}, {"name": "name2", "value": "value2"} |
Example Output
{
"meta": {
"query_time": 0.0000000001,
"powered_by": "device-api",
"trace_id": ""0000000-00000-0000-0000-000000000000""
},
"resources": [
{
"id": "00000000001111112222233334444",
"path": "/path/to/device"
}
],
"errors": []
}
Workflow Library Example
Isolate or Unisolate Device on Crowdstrike
Preview this Workflow on desktop