# CrowdStrike Falcon — Network Isolation via API
import requests

def isolate_host(device_id: str, api_token: str):
    headers = {"Authorization": f"Bearer {api_token}"}
    response = requests.post(
        "https://api.crowdstrike.com/devices/entities/devices-actions/v2",
        headers=headers,
        json={
            "action_name": "contain",
            "ids": [device_id]
        }
    )
    return response.json()

# Linux — network isolation via iptables
def isolate_linux_host():
    """Run on compromised Linux host"""
    import subprocess
    commands = [
        "iptables -P INPUT DROP",
        "iptables -P OUTPUT DROP",
        "iptables -P FORWARD DROP",
        # Allow SSH for investigation
        "iptables -A INPUT -p tcp --dport 22 -s 10.0.0.100 -j ACCEPT",  # IR laptop IP
        "iptables -A OUTPUT -p tcp --sport 22 -d 10.0.0.100 -j ACCEPT",
    ]
    for cmd in commands:
        subprocess.run(cmd.split(), check=True)

Incident Response — זיהוי, בלימה, שחזור

Incident Response — זיהוי, בלימה, שחזור

Incident Response — זיהוי, בלימה, שחזור