
5 Ways to Use Peregrine's Single Host Capabilities


Peregrine is a powerful tool for CrowdStrike Falcon, allowing SOC analysts, incident responders and threat analysts to quickly investigate, contain, and remediate malicious assets through the CrowdStrike Falcon API. Here are five powerful single host actions that illustrate the precision and accuracy of Peregrine in improving your everyday work with CrowdStrike.  

1. Device Explorer and Details

View your security environment at a glance by selecting devices to investigate. Peregrine's Device Explorer and Device Extended Details provide an overview of systems and endpoints, including host name, device ID, containment status, current operating system, IP address, and last time seen.  Quickly switch between systems to see details in a flash.

2. Environment Toggle

If you oversee multiple clients and CIDs, Peregrine is a must! Using the Client Manager and CID Manager you can easily switch between CrowdStrike accounts, so you can manage single hosts across multiple CrowdStrike clouds and tenants. Just set up each of your CIDs once and let Peregrine help you switch between clients with ease.

3. File Explorer and Task Manager

No longer do you have to navigate via the command line to review files on individual hosts.

Peregrine’s file and task management systems make it easy to view and investigate a single host. Kill single host processes using the Task Manager, or identify, review, and delete individual malicious files using the File Manager.

4. Contain/Uncontain

When a problem is detected, quickly contain an infected host to prevent it from spreading malware to other hosts on the network. Once contained, that host can be safely investigated to identify the threat. If you have batch-contained multiple hosts, Peregrine can help you uncontain them either one at a time or in bulk, giving you total control.
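Sections 1 and 4 both come down to two calls against the Falcon API that Peregrine wraps: reading device details (hostname, device ID, containment status, OS, IP, last seen) and posting a device action (`contain` or `lift_containment`). The following is an added example, not Peregrine's or CrowdStrike's code, showing that flow with a defender's check in front of it: only hosts whose status is `normal` are contained, and the status is re-read afterwards. The US-1 base URL, the `token-placeholder` bearer token (in practice obtained from `POST /oauth2/token` with an API client ID and secret), the `aid-constructed-*` device IDs and the `FakeFalcon` transport are assumptions and constructed stand-ins so the example runs offline; the endpoint paths and field names are the public Falcon API ones.

```python
import copy
import json
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict, List, Optional

BASE_URL = "https://api.crowdstrike.com"  # assumption: US-1 cloud; other clouds use different hostnames

# A transport takes (method, url, headers, body) and returns the decoded JSON response,
# so the same client can run against the real API or the offline stand-in below.
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], Dict[str, Any]]


def urllib_transport(method: str, url: str, headers: Dict[str, str], body: Optional[bytes]) -> Dict[str, Any]:
    """Real HTTP transport (standard library only); not exercised by the offline demo."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


class FalconHosts:
    """Minimal wrapper over the Falcon Hosts endpoints, authenticated with a bearer token."""

    def __init__(self, token: str, transport: Transport = urllib_transport, base_url: str = BASE_URL):
        self.token, self.transport, self.base_url = token, transport, base_url

    def _call(self, method: str, path: str, query=None, payload=None) -> Dict[str, Any]:
        url = self.base_url + path + ("?" + urllib.parse.urlencode(query, doseq=True) if query else "")
        headers = {"Authorization": "Bearer " + self.token, "Accept": "application/json"}
        body = None
        if payload is not None:
            headers["Content-Type"] = "application/json"
            body = json.dumps(payload).encode()
        return self.transport(method, url, headers, body)

    def details(self, aids: List[str]) -> Dict[str, Dict[str, Any]]:
        """Section 1 view: device_id, hostname, status, platform_name, local_ip, last_seen."""
        data = self._call("GET", "/devices/entities/devices/v2", query={"ids": aids})
        return {d["device_id"]: d for d in data.get("resources", [])}

    def device_action(self, action: str, aids: List[str]) -> Dict[str, Any]:
        """Section 4: action is 'contain' or 'lift_containment'."""
        return self._call("POST", "/devices/entities/devices-actions/v2",
                          query={"action_name": action}, payload={"ids": aids})


def contain_hosts(api: FalconHosts, aids: List[str]) -> Dict[str, str]:
    """Contain only hosts currently in 'normal' status; return the status of every host afterwards.
    On the real API the status moves through 'containment_pending' before 'contained',
    so a production caller should poll details() until the sensor acknowledges."""
    before = api.details(aids)
    to_contain = [a for a in aids if before.get(a, {}).get("status") == "normal"]
    if to_contain:
        resp = api.device_action("contain", to_contain)
        if resp.get("errors"):
            raise RuntimeError(f"contain failed: {resp['errors']}")
    after = api.details(aids)
    return {a: after.get(a, {}).get("status", "unknown") for a in aids}


def lift_containment(api: FalconHosts, aids: List[str]) -> Dict[str, str]:
    """Uncontain one host or a batch, then re-read and return each host's status."""
    resp = api.device_action("lift_containment", aids)
    if resp.get("errors"):
        raise RuntimeError(f"lift_containment failed: {resp['errors']}")
    after = api.details(aids)
    return {a: after.get(a, {}).get("status", "unknown") for a in aids}


# Constructed sample inventory: two hosts, one already contained.
SAMPLE_DEVICES = {
    "aid-constructed-0001": {"device_id": "aid-constructed-0001", "hostname": "WS-FINANCE-07",
                             "platform_name": "Windows", "local_ip": "10.0.5.17",
                             "last_seen": "2024-01-01T08:00:00Z", "status": "normal"},
    "aid-constructed-0002": {"device_id": "aid-constructed-0002", "hostname": "SRV-FILE-02",
                             "platform_name": "Windows", "local_ip": "10.0.9.4",
                             "last_seen": "2024-01-01T07:55:00Z", "status": "contained"},
}


class FakeFalcon:
    """Constructed offline stand-in for the two endpoints above; applies actions immediately
    (the real cloud reports a '*_pending' status until the sensor confirms)."""

    def __init__(self, devices: Dict[str, Dict[str, Any]]):
        self.devices, self.calls = devices, []  # calls records "METHOD path" for inspection

    def __call__(self, method, url, headers, body):
        if not headers.get("Authorization", "").startswith("Bearer "):
            return {"resources": [], "errors": [{"code": 401, "message": "missing token"}]}
        parsed = urllib.parse.urlparse(url)
        q = urllib.parse.parse_qs(parsed.query)
        self.calls.append(f"{method} {parsed.path}")
        if method == "GET" and parsed.path == "/devices/entities/devices/v2":
            found = [self.devices[i] for i in q.get("ids", []) if i in self.devices]
            return {"resources": found, "errors": []}
        if method == "POST" and parsed.path == "/devices/entities/devices-actions/v2":
            new_status = {"contain": "contained", "lift_containment": "normal"}[q["action_name"][0]]
            ids = json.loads(body)["ids"]
            for i in ids:
                self.devices[i]["status"] = new_status
            return {"resources": [{"id": i} for i in ids], "errors": []}
        return {"resources": [], "errors": [{"code": 404, "message": "unknown endpoint"}]}


def make_demo_api():
    """Fresh client bound to the offline stand-in; returns (api, fake) for inspection."""
    fake = FakeFalcon(copy.deepcopy(SAMPLE_DEVICES))
    return FalconHosts("token-placeholder", transport=fake), fake


if __name__ == "__main__":
    api, fake = make_demo_api()
    aids = list(SAMPLE_DEVICES)
    print("contain:", contain_hosts(api, aids))          # only WS-FINANCE-07 is acted on
    print("lift:", lift_containment(api, aids))          # bulk uncontain
    print("calls:", fake.calls)
```

To run this against a real tenant, swap `FakeFalcon` for `urllib_transport` (the default) and pass a token from `/oauth2/token`; the pre-check in `contain_hosts` is what keeps a bulk action from re-issuing `contain` to hosts that are already contained or pending.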

5. RTR Management and Scripts

Use the RTR command line and multiple types of scripts to enact commands on a single host. Once scripts are created and used in Peregrine, they are saved, allowing you or members of your team to repeat the scripts by selecting them from the history.  

Bonus: Zero Trust Assessment

Get a bird’s eye view on your endpoint security using the Zero Trust Assessment, which consolidates zero trust score information from your CrowdStrike sensors. Find even the smallest gaps in your defense by catching multi-factor authentication issues and other possible improvements to your zero trust architecture.  

Peregrine is fast and accurate

Precision is key when investigating a single host after an endpoint detection alert. Acting quickly can prevent threats from becoming larger breaches, and Peregrine can make investigation and remediation quick and precise.  
