Peregrine: Batch Investigation and Remediation for Improved Real Time Response


Real-time response (RTR) is crucial for cybersecurity professionals who need to identify and contain threats quickly. Here at MindPoint Group our analysts often use CrowdStrike Falcon's RTR capabilities to respond to alerts. Depending on the alert and the investigation it requires, uncovering the source of an issue and mitigating its effects can be a time-consuming process, precisely when time is of the essence. Working through the dashboard one system at a time has its limitations, particularly when trying to keep malware and ransomware at bay and to stop affected systems from spreading the problem to others.

The SOC analysts here at MPG worked with our R&D team to develop a way to add efficiency and speed to CrowdStrike’s RTR functionality when managing multiple systems and tenants. From that work, Peregrine for CrowdStrike took flight. Developed in-house by MindPoint Group, Peregrine addresses these limitations by utilizing the CrowdStrike Falcon API to effectively speed up the Real-Time Response capabilities of our SOC analysts and does so with a user-friendly interface.

Built from the minds of our analysts for analysts, Peregrine is a faster way to use Falcon’s RTR capabilities to investigate, respond and remediate alerts.

In the webinar below, Ahmed Bukhari, MindPoint Group's sales engineering manager, sat down with Greg Lyon, manager of Peregrine's development team, to talk about many of Peregrine's capabilities and the impact Peregrine has already had at MindPoint Group. See how making Peregrine part of the MPG tool set has enabled faster response times.

Watch the webinar:

Key Capabilities of Peregrine:

  • Batch commands: Run scripts and commands across multiple systems simultaneously, saving time and effort.
  • Mass containment: Quickly isolate suspicious systems to prevent further infection.
  • Kill by name: Eliminate malicious programs across multiple endpoints with ease.
  • Offline RTR queue: Schedule actions for offline systems to be executed upon connection.
  • Visual file explorer: Navigate directories and files easily with a user-friendly interface.
  • Visual Windows Registry: Explore the Windows Registry through a graphical interface.
  • Scripting support: Run existing PowerShell and Bash scripts within Peregrine.
  • Multi-tenancy: Easily switch between CrowdStrike tenants for faster response times in different environments.

Benefits of Peregrine:

  • Increased efficiency: Automate routine tasks and respond to incidents faster.
  • Improved visibility: Gain greater insight into system activity and potential threats.
  • Enhanced control: Quickly isolate and remediate infected systems.
  • Simplified workflows: Streamline investigation and remediation processes.
  • Reduced risk: Minimize the impact of cyberattacks and data breaches.

Getting Started with Peregrine:

Peregrine empowers CrowdStrike professionals like you to leverage RTR faster over more systems, enabling you to identify and neutralize threats more effectively.

Download the Peregrine application and start your 30-day free trial!
