Thanks again for putting this together. I have a few other questions.

1. Does BulkStrike have to remain open for the queued commands to execute ? I assume no, but wanted to double check. Once they are added to the CS queue I assume it will execute once the system comes online.

2. How do I collect the results from stdout for items that are queued? Does the system running Bulkstrike have to remain online with BulkStrike running to collect the results? I assume it would and if I have --log it should log the results.

Hi,
Answers to your queries as follow:

1. No, BulkStrike does not have to remain open for queued commands to execute
2. It is not possible to collect results from stdout for items that are queued. This is a CrowdStrike limitation. Hence, we are restricted in the type of queued commands we can execute (e.g. you can still queue a command to remove a malicious file, but queuing a ls command will not be useful). Yes, the system running BulkStrike has to remain online with BulkStrike running to collect stdout results.

I hope I have answered your questions.

Regards.

Closing this as there is no reply from OP for close to a month.