Case Study

4 Powerful Multi-Host Functions in Peregrine

Using Peregrine to remediate and respond to malicious threats in your security environment can speed up your real-time response and maximize your investment in CrowdStrike Falcon endpoint detection.  

Batch Run Commands

Running scripted commands and building scripts from single-line commands can add efficiency and precision to your remediation and response. With Peregrine, you can run those scripts across multiple hosts in a fraction of the time it would take via the CrowdStrike Console. Once a script has been defined, it can be run across multiple systems, instead of requiring a user to move from console window to console window to repeat actions. Peregrine also saves scripts so they can be selected again for future investigation or remediation.

Batch Contain

When a problem is running rampant across your network, time is of the essence. With Peregrine, just select the systems you need to contain and, with one action, contain them from your network. Take the time you need to investigate issues, then uncontain systems either one at a time or in bulk, saving you more time and effort.

Offline RTR Queue

With Peregrine’s Offline RTR Queue, never worry again about whether a system has had commands run against it. Peregrine monitors your tenant's offline systems with pending actions and runs any pending scripts when the endpoint comes back online. You can use the Offline RTR Queue to investigate, contain and remediate systems immediately when they come back up, and to see which systems have been updated and which still remain offline. Once back online, systems have their actions run against them and then remain in the queue so you can see that the work has been completed. This gives you a more comprehensive audit trail and a better understanding of unpatched vulnerabilities and uninvestigated systems for alerts.

Kill Process By Name

Quickly kill a malicious process across multiple systems once it has been identified on a contained host. Peregrine can search the rest of your environment for the malicious process by name and kill it on any contained hosts to prevent it from spreading throughout your attack surface.

Peregrine is powerful on multiple hosts and systems.  

We built the ability to switch between clients and CrowdStrike IDs directly into Peregrine to make your investigation and remediation steps as fast and accurate as possible. Making the most of Peregrine’s batch actions will maximize your ability to respond in real time to serious threats and protect your attack surface quickly.  
