CrowdStrike Integration

Crest built an app for Falcon Endpoint that reduces security incident exposure with automatic responses.



Executive Summary

CrowdStrike customers used to write custom scripts to pull IOC data into Splunk for further analysis.

They had to set up appropriate rules to correlate across various datasets. A Splunk app would simplify this entire operation and help customers to get near real-time alerting on their own IOCs.

CrowdStrike, Inc. is an American cybersecurity technology company based in Sunnyvale, California, and a wholly owned subsidiary of CrowdStrike Holdings, Inc. The company provides endpoint security, threat intelligence, and incident response services to customers in more than 170 countries.

 

Business Challenge

Before the app existed, CrowdStrike customers had to write and maintain their own scripts to pull IOC data into Splunk, and then build the correlation rules across the resulting data sets by hand. A supported Splunk app removes that custom plumbing and gives customers near real-time alerting on their own IOCs. When a security team needs to find and contain a breach quickly, before the business is affected, Splunk Enterprise Security (ES) adds the Adaptive Response Framework, which automates workflow-based response actions across heterogeneous environments (for example, pushing an indicator from a Splunk search out to the Falcon platform).

 

Customer Solution

Splunk Infrastructure Management: Crest Data wrote a Splunk app for Falcon Endpoint that lets Splunk admins collect malware event logs through modular inputs. That data can be analyzed on its own or used as a contextual feed to correlate with other malware-related data already in the Splunk platform. Crest also built conceptual views (dashboards) of the malware event data and Splunk Adaptive Response (AR) actions that let customers push their own IOC data to the Falcon platform from within Splunk. The following actions were implemented:

  • Upload IOC

  • Change detection status

  • IOC search: Get device count
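The AR actions above are scripts that Splunk runs when a correlation search fires or an analyst triggers them from Incident Review. As an added illustration, not code from Crest's app or from CrowdStrike, the Python below sketches the Upload IOC action: it follows Splunk's alert-action contract (the script is invoked with `--execute` and reads a JSON payload on stdin whose `results_file` points at a gzipped CSV of the triggering search's results), turns the rows into an indicator payload, and hands it to an injected sender. The column names `ioc_type` / `ioc_value`, the configuration key `action`, the Falcon endpoint path and the indicator field names are assumptions to check against the Falcon API reference; the actual HTTP call (OAuth2 client-credentials token exchange plus HTTPS POST) is left to the caller. The Change detection status and IOC search actions would use the same stdin/results_file protocol with different request bodies.

```python
"""Sketch of a Splunk Adaptive Response action that uploads IOCs to Falcon.

Added example: not code from Crest's app or from CrowdStrike.  Splunk's
alert-action contract (``--execute`` plus a JSON payload on stdin whose
``results_file`` is a gzipped CSV of the search results) is real; the column
names, the configuration key, the endpoint path and the indicator fields are
assumptions to be checked against the Falcon API reference.
"""
import csv
import gzip
import json
import os
import sys
import tempfile

# Indicator types the action accepts; anything else in the results is skipped.
IOC_TYPES = {"sha256", "md5", "domain", "ipv4", "ipv6"}
# Assumed Falcon IOC Management endpoint (verify before use).
IOC_ENDPOINT = "/iocs/entities/indicators/v1"


def read_results(path):
    """Read the gzipped CSV that Splunk hands an alert action."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def build_ioc_payload(rows, action="detect", comment="Uploaded from Splunk AR"):
    """Map result rows (assumed columns ioc_type, ioc_value) to an indicator
    create body.  Unknown types and empty values are dropped, and repeated
    (type, value) pairs are collapsed case-insensitively so one search never
    submits the same indicator twice."""
    seen, indicators = set(), []
    for row in rows:
        ioc_type = (row.get("ioc_type") or "").strip().lower()
        value = (row.get("ioc_value") or "").strip()
        if ioc_type not in IOC_TYPES or not value:
            continue
        key = (ioc_type, value.lower())
        if key in seen:
            continue
        seen.add(key)
        indicators.append({
            "type": ioc_type,
            "value": value,
            "action": action,                        # e.g. detect / prevent
            "platforms": ["windows", "mac", "linux"],
            "applied_globally": True,
        })
    return {"comment": comment, "indicators": indicators}


def run(stdin_payload, send):
    """Entry point for ``--execute``.  ``send(endpoint, body)`` is injected so
    the OAuth2 token exchange and HTTPS POST stay out of this example; returns
    the number of indicators submitted (0 when there was nothing to send)."""
    settings = json.loads(stdin_payload)
    action = settings.get("configuration", {}).get("action", "detect")
    comment = "Uploaded from Splunk AR, sid=%s" % settings.get("sid", "?")
    body = build_ioc_payload(read_results(settings["results_file"]), action, comment)
    if not body["indicators"]:
        return 0
    return send(IOC_ENDPOINT, body)


def demo():
    """Constructed sample input (not real data): the gzipped CSV and the stdin
    payload Splunk would produce.  Returns what the action would POST."""
    sample_csv = (
        "ioc_type,ioc_value,src\n"
        "sha256,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,edr\n"
        "SHA256,E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,feed\n"
        "domain,malicious.example,proxy\n"
        "url,http://malicious.example/payload,proxy\n"
        "sha256,,edr\n"
    )
    fd, path = tempfile.mkstemp(suffix=".csv.gz")
    os.close(fd)
    with gzip.open(path, "wt", newline="") as fh:
        fh.write(sample_csv)
    stdin_payload = json.dumps({
        "sid": "scheduler__admin__search__example_at_1700000000_42",
        "results_file": path,
        "configuration": {"action": "detect"},
    })
    captured = {}

    def fake_send(endpoint, body):
        captured["endpoint"], captured["body"] = endpoint, body
        return len(body["indicators"])

    try:
        captured["submitted"] = run(stdin_payload, fake_send)
    finally:
        os.remove(path)
    return captured


if __name__ == "__main__":
    if "--execute" in sys.argv:           # invoked by Splunk
        def stderr_send(endpoint, body):  # placeholder for a real Falcon client
            sys.stderr.write("would POST %s with %d indicators\n"
                             % (endpoint, len(body["indicators"])))
            return len(body["indicators"])
        run(sys.stdin.read(), stderr_send)
    else:                                 # run stand-alone to see the payload
        print(json.dumps(demo(), indent=2))
```

Run stand-alone, the script prints the de-duplicated two-indicator body built from the constructed sample (the upper-cased duplicate hash, the unsupported `url` row and the empty value are all dropped). Deployed as an alert action, Splunk supplies the stdin payload and results file itself; the only piece to replace is the sender, which must obtain a bearer token and POST the body to the Falcon API.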

 

The Crest Difference

Splunk ES Integration helped:

  • Reduce security incident exposure by automatic responses

  • Customize searches, alerts, reports, and dashboards for specific business needs

  • Prioritize and act on incidents through centralized logs, alerts, reports, and workflows
