Skip to main content

CrowdStrike Falcon

crowdstrike-falcon

Version: 1.12
Updated: Nov 28, 2024

The CrowdStrike Falcon integration allows you to pull and update Detections/Incidents, and search Incidents/Devices/Detections.

Actions​

  • Close CrowdStrike Incident (Containment) - Close the state of the CrowdStrike Incident.
  • Create Indicators (Containment) - Create the Indicators.
  • Detections CrowdStrike Falcon Daemon (Daemon) - Daemon to pull CrowdStrike Detections.
  • Device Actions (Containment) - Take various actions on the hosts in your environment.
  • Get Browser History (Enrichment) - Get user Browser history.
  • Get Endpoint (Enrichment) - Get details on one or more hosts by providing agent IDs.
  • Get Incident Info (Enrichment) - Get details for a specific Crowdstrike Incident.
  • Get Indicators (Containment) - Get Indicators By IDs.
  • Get User ID By Mail (Enrichment) - Search for a specific User ID with a given email address.
  • Incidents CrowdStrike Falcon Daemon (Daemon) - Daemon to pull CrowdStrike Incidents.
  • List Endpoints (Enrichment) - Search for hosts in your environment by platform, hostname, IP.
  • Search into Detections (Enrichment) - Search for Detections that match a given query.
  • Search into Incidents (Enrichment) - Search for incidents by providing an FQL filter, sorting, and paging details.
  • Update Detections (Containment) - Modify the state or assignee of Detections.
  • Update Alerts (Containment) - Perform actions on Alerts identified by composite ID(s) in request.
  • Search into Alerts (Enrichment) - Retrieves all Alerts IDs that match a given query.
  • Alerts CrowdStrike Falcon Daemon (Daemon) - Daemon to pull CrowdStrike Alerts.

Category​

EDR

Change Log​

  • June 3, 2021 - First upload
  • July 8, 2022 - Added new action
    • Device Actions
  • November 10, 2022 - Added new action:
    • Get Browser History
  • January 31, 2020 - Action updated: Get Report Summary
  • December 30, 2022 - Action updated
    • Detections CrowdStrike Falcon Daemon (Added FQL-based filter and Pagination to Daemon)
  • February 17, 2023 - Refactoring
  • February 23, 2023 (v1.3)
    • List Endpoints: Updated API Endpoint
    • Incidents CrowdStrike Falcon Daemon: Duplicate Removed
  • March 7, 2023 (v1.4)
    • List Endpoints: Updated Fields Hints
  • March 21, 2023 (v1.5) - Logo updated
  • July 12, 2023 (v1.8) - Changed fields visibility
  • March 4, 2024 (v1.9) - Updated code for compatibility with Python 3.12
  • October 16, 2024 (v1.10) - Added new actions
    • Create Indicators
    • Get Indicators
  • November 28, 2024 (v1.12) - Added new actions
    • Update Alerts
    • Search into Alerts
    • Alerts CrowdStrike Falcon Daemon
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.