In the event of a Ransomware event, it is recommended that you lock down the Firewall and to have the following IPs whitelisted in your Firewall to allow the CS Agent to still communicate with the CS Cloud, which allows the Overwatch team to be able to respond to the incident.
All communications between the CS Agent and the CS Cloud occur over port 443 (outbound only).
34.209.165.130
34.209.79.111
34.210.186.129
34.214.236.51
34.215.239.163
34.223.189.85
35.160.213.193
35.162.224.228
35.162.239.174
35.166.20.122
35.80.210.147
44.224.200.221
44.225.216.237
44.227.134.78
44.227.251.226
44.227.83.73
44.228.118.64
44.229.24.18
50.112.111.36
50.112.127.4
50.112.127.55
50.112.129.218
50.112.130.23
50.112.131.18
50.112.6.52
52.10.219.156
52.25.223.26
52.27.205.162
52.33.193.184
52.35.11.124
52.35.162.27
54.191.184.169
54.68.92.116
54.71.43.66
100.20.144.105
100.20.76.137IPv6 Addresses
2600:1f14:2d89:8300::/56
2600:1f14:185:8400::/56ts01-gyr-maverick.cloudsink.net
lfodown01-gyr-maverick.cloudsink.net
lfoup01-gyr-maverick.cloudsink.net
falcon.us-2.crowdstrike.com
assets.falcon.us-2.crowdstrike.com
assets-public.falcon.us-2.crowdstrike.com
api.us-2.crowdstrike.com
firehose.us-2.crowdstrike.comFor more information about CrowdStrike IPs(All MiSecure CIDs are under US-2): Cloud IP Addresses & FQDNS