CrowdStrike Integration
Crest built an app for Falcon Endpoint that reduces security incident exposure with automatic responses.
Executive Summary
CrowdStrike customers used to write custom scripts to pull IOC data into Splunk for further analysis.
They had to set up appropriate rules to correlate across various datasets. A Splunk app would simplify this entire operation and help customers to get near real-time alerting on their own IOCs.
Business Challenge
CrowdStrike customers used to write custom scripts to pull IOC data into Splunk for further analysis. They had to set up appropriate rules to correlate across various data sets. A Splunk app would simplify this entire operation and help customers to get near real-time alerting on their own IOCs. When security teams need to find and resolve breaches quickly, before the business is impacted, the Splunk Enterprise Security (ES) solution can help with its Adaptive Response Framework, which automates workflow-based processes across heterogeneous environments.
Customer Solution
Splunk Infrastructure Management: Crest Data wrote a Splunk app for Falcon Endpoint that allows Splunk admins to collect malware event logs using modular inputs. This malware data can be analysed directly or used as a contextual data feed to correlate with other malware-related data in the Splunk platform. Crest also helped build conceptual views of malware event data and enabled customers to upload their own IOC data to the Falcon platform using Splunk Adaptive Response (AR). The following actions were implemented:
Upload IOC
Change detection status
IOC search: Get device count
The Crest Difference
Splunk ES Integration helped:
Reduce security incident exposure through automatic responses
Customize searches, alerts, reports, and dashboards for specific business needs
Prioritise and act on incidents through centralized logs, alerts, reports, and workflows