Merged
Changes from 2 commits
3 changes: 3 additions & 0 deletions solutions/security/endpoint-response-actions.md
Expand Up @@ -252,6 +252,9 @@ Run a script on a host. You must include one of the following parameters to iden

* `--Raw`: The full script content provided directly as a string.
* `--CloudFile`: The name of the script stored in a cloud storage location.

{applies_to}`serverless: ga` When using this parameter, select from a list of saved custom scripts.

* `--HostPath`: The absolute or relative file path of the script located on the host machine.

You can also use these optional parameters:
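Review bot: The added `{applies_to}` sentence says "this parameter" but, as shown here, it stands as its own paragraph between the `--CloudFile` and `--HostPath` bullets, so it is unclear which parameter it refers to, and it may split the list when rendered. Indent it as a continuation of the `--CloudFile` item or name the parameter outright, for example "When using `--CloudFile`, select from a list of saved custom scripts." Since the note is scoped to `serverless: ga`, it would also help to say how the script name is supplied where that list is not available.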
Expand Up @@ -38,7 +38,9 @@ Expand a section below for your endpoint security system:

* Give the API client the minimum privilege required to read CrowdStrike data and perform actions on enrolled hosts. Consider creating separate API clients for reading data and performing actions, to limit privileges allowed by each API client.

* To isolate and release hosts, the API client must have `Read` access for Alerts, and `Read` and `Write` access for Hosts.
* To isolate and release hosts: `Read` access for `Alerts`, and `Read` and `Write` access for `Hosts`.

* To run a script on a host: `Read` and `Write` access for `Real time response`, and `Write` access for `Real time response (admin)`.

* Take note of the client ID, client secret, and base URL; you’ll need them in later steps when you configure {{elastic-sec}} components to access CrowdStrike.
* The base URL varies depending on your CrowdStrike account type:
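Review bot: The new run-script bullet asks for `Write` access for `Real time response (admin)` without connecting it to the minimum-privilege advice in the parent bullet. Say that these `Real time response` scopes are needed only when the run-script action will be used, and suggest granting them to a separate API client, in line with the existing recommendation to split clients for reading data and performing actions. The two reworded bullets also drop "the API client must have", so they read as fragments; either keep the subject or end the parent bullet with a lead-in such as "Required access:".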