Vendor: CrowdStrike Falcon
Finding: FIN-598
Edited: 2026-03-06 18:14
Verified
What It Detects
The asset has one or more critical-severity threat detections AND its Falcon host status is containment_pending: network containment has been requested for the host but the sensor has not yet applied it. This is an urgent condition. The host carries critical-severity detections (active compromise or imminent breach) and is still connected to the network while containment is outstanding, so until the sensor enforces the isolation it can be used for lateral movement, data exfiltration, or further propagation across the environment. Containment is enforced by the sensor, not the network, so a host that is offline or not checking in stays in containment_pending until it reconnects; for those hosts the pending state can persist far longer than the seconds it normally takes, and a compensating control (switch-port shutdown, NAC quarantine, firewall rule) is the realistic interim fix.
MITRE ATT&CK Techniques: none recorded
Checks (all must match)

Field                          Operator    Value
Critical Severity Threat List  not_empty
Status                         equals      containment_pending
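The rule above is two checks joined by AND. The following added example (not Lucidum or CrowdStrike code) evaluates that check list against constructed host records and then splits the matches by sensor check-in age, because a containment_pending host whose sensor has not reported recently will not be isolated until it reconnects. The status values normal, contained and containment_pending are Falcon's own; the record field names critical_severity_threat_list, hostname and last_seen, the sample hosts, and the one-hour staleness threshold are assumptions made for the example.

```python
"""Evaluate the FIN-598 check list against sample host records.

Added example, not Lucidum or CrowdStrike code. The host records are
constructed; the 'status' values match Falcon's host status vocabulary,
the other field names are assumptions.
"""
from datetime import datetime, timedelta, timezone

# The finding's checks as listed on the page. Every check must pass (AND).
FIN_598_CHECKS = [
    {"field": "critical_severity_threat_list", "operator": "not_empty"},
    {"field": "status", "operator": "equals", "value": "containment_pending"},
]

# Reference time for the example (the page's edit timestamp).
NOW = datetime(2026, 3, 6, 18, 14, tzinfo=timezone.utc)

# Constructed sample records, not real hosts or detections.
HOSTS = [
    {"hostname": "ws-finance-07", "status": "containment_pending",
     "critical_severity_threat_list": ["Credential Theft via LSASS dump"],
     "last_seen": NOW - timedelta(minutes=2)},
    {"hostname": "srv-build-01", "status": "contained",   # already isolated
     "critical_severity_threat_list": ["Ransomware-like file encryption"],
     "last_seen": NOW - timedelta(minutes=1)},
    {"hostname": "lt-sales-22", "status": "containment_pending",  # no critical threats
     "critical_severity_threat_list": [],
     "last_seen": NOW - timedelta(minutes=5)},
    {"hostname": "lt-eng-09", "status": "containment_pending",   # sensor offline 3 days
     "critical_severity_threat_list": ["Kernel-mode implant detected"],
     "last_seen": NOW - timedelta(days=3)},
    {"hostname": "ws-hr-03", "status": "normal",
     "critical_severity_threat_list": [],
     "last_seen": NOW},
]


def check_passes(record, check):
    """Apply one check (field/operator/value) to a host record."""
    value = record.get(check["field"])
    op = check["operator"]
    if op == "not_empty":
        return bool(value)          # None, "" and [] all count as empty
    if op == "equals":
        return value == check.get("value")
    raise ValueError(f"unsupported operator {op!r}")


def evaluate(record, checks=FIN_598_CHECKS):
    """True when the record satisfies every check (AND semantics)."""
    return all(check_passes(record, c) for c in checks)


def find_matches(hosts, checks=FIN_598_CHECKS):
    """Hostnames of all records that raise the finding."""
    return [h["hostname"] for h in hosts if evaluate(h, checks)]


def triage(hosts, now=NOW, stale_after=timedelta(hours=1), checks=FIN_598_CHECKS):
    """Split matches into hosts whose sensor is checking in (containment should
    apply within moments; escalate if the state does not change) and hosts whose
    sensor is silent (containment cannot apply until it reconnects, so an
    out-of-band control is needed). The threshold is an assumed value."""
    online, offline = [], []
    for h in hosts:
        if not evaluate(h, checks):
            continue
        bucket = offline if now - h["last_seen"] > stale_after else online
        bucket.append(h["hostname"])
    return {"online_pending": online, "offline_pending": offline}


if __name__ == "__main__":
    print("FIN-598 matches:", find_matches(HOSTS))
    print("triage:", triage(HOSTS))
```

Run against the constructed records, only the two hosts that have critical detections and a pending containment match; the already-contained host and the pending host with no critical threats do not. The triage step flags lt-eng-09 separately because its sensor has not reported for three days, which is exactly the case where waiting for Falcon containment to "take effect" is not a plan.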
Remediation
Why It Matters