A secure tool for quickly looking up CrowdStrike Agent IDs (AIDs) from hostnames and generating direct investigation links.
This is version 0.1, a simple timeliner. The next phase will add automated RTR functionality for extracting forensic evidence from the target.

- 🔒 Secure credential storage using system keyring
- 🚀 Quick AID lookup from hostnames
- 🔗 Direct investigation URL generation
- 💻 System-specific encryption based on hardware identity
- ⚡ Standalone executable available (no Python required)

- Windows: CrowdStrikeAIDTimeliner.exe

- Run the executable
- Enter your CrowdStrike API credentials:
  - Client ID
  - Client Secret
  - Base URL (e.g., https://api.crowdstrike.com)
- Credentials are encrypted and stored securely in your system keyring

```
./CrowdStrikeAIDTimeliner.exe
Enter hostname: DESKTOP-ABC123
Enter lookback days: 30
```

- Look up the AID for the hostname
- Generate a direct investigation URL
- Optionally open it in your browser

- CrowdStrike Falcon API credentials with Device Read permissions
- Base URL for your region (US, EU, US-GOV-1)

- Credentials encrypted using system-specific keys
- Optional additional passphrase protection
- No credentials stored in plaintext
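
The hostname-to-AID lookup from the usage steps above, as an added example (not this tool's own code): it checks the Base URL and the hostname before building a Falcon device query, then parses the returned AIDs. The host allowlist, the endpoint path, the function names and the sample response are assumptions of this example.

```python
import json
import re
from urllib.parse import urlencode, urlsplit

# Assumed allowlist of Falcon API hosts (US-1, US-2, EU-1, US-GOV-1).
ALLOWED_API_HOSTS = {
    "api.crowdstrike.com",
    "api.us-2.crowdstrike.com",
    "api.eu-1.crowdstrike.com",
    "api.laggar.gcw.crowdstrike.com",
}
# Letters, digits, dot, hyphen, underscore only: no quotes or FQL operators.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,253}")
AID_RE = re.compile(r"[0-9a-f]{32}")

# Constructed sample of a device-query response body.
SAMPLE_RESPONSE = '{"meta": {}, "resources": ["0123456789abcdef0123456789abcdef"], "errors": []}'


def check_base_url(base_url):
    """Return the normalized origin, or refuse to send credentials there."""
    parts = urlsplit(base_url.strip())
    if (parts.scheme != "https" or parts.hostname not in ALLOWED_API_HOSTS
            or parts.username or parts.password or parts.port
            or parts.path not in ("", "/") or parts.query or parts.fragment):
        raise ValueError(f"refusing base URL: {base_url!r}")
    return f"https://{parts.hostname}"


def build_aid_query(base_url, hostname):
    """Build the device-query URL for one exact, validated hostname."""
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    query = urlencode({"filter": f"hostname:'{hostname}'"})
    return f"{check_base_url(base_url)}/devices/queries/devices/v1?{query}"


def extract_aids(response_body):
    """Return the AIDs from a response body; fail closed on API errors."""
    data = json.loads(response_body)
    if not isinstance(data, dict) or data.get("errors"):
        raise RuntimeError("device query failed or returned an unexpected body")
    aids = data.get("resources") or []
    if not all(isinstance(a, str) and AID_RE.fullmatch(a) for a in aids):
        raise ValueError("unexpected AID format in response")
    return aids


if __name__ == "__main__":
    print(build_aid_query("https://api.crowdstrike.com", "DESKTOP-ABC123"))
    print(extract_aids(SAMPLE_RESPONSE))
```
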

Developer: Jacob Wilson
Email: dfirvault@gmail.com

See LICENSE file for details.

