CrowdStrike Falcon
Version: CrowdStrike Falcon Antivirus sensor version 6.3x and above.
CrowdStrike Falcon is a Security As A Service (SAAS) solution, which provides protection against malware and sophisticated attacks.
Netsurion Open XDR manages logs retrieved from CrowdStrike Falcon. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing any suspicious activities.
The following are the key assets included with this Data Source Integration.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Detection summary event | Generated whenever any suspicious activity detected by CrowdStrike Falcon or malware-related event triggers in CrowdStrike Falcon. |
| Security | CrowdStrike Falcon – File quarantined | Generated whenever files get quarantined by CrowdStrike Falcon. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Threat detected | Provides details about threats in a detection summary event as detected by CrowdStrike Falcon. |
| Security | CrowdStrike Falcon – Quarantined files | Provides details about files quarantined by CrowdStrike Falcon. |
| Security | CrowdStrike Falcon – Other detected threat | Provides details about miscellaneous threats detected by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – AV scan results | Provides details about results from AV scans performed by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – Document access | Provides details about access to documents as part of a detection summary by CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Authentication details | Provides details about user authentication details as monitored by CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Executable written | Provides details about executables in a detection summary by CrowdStrike Falcon. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Threat detection by file name | Displays various threats based on filename. |
| Security | CrowdStrike Falcon – Threat detection by signature | Displays threat detected based on signatures. |
| Security | CrowdStrike Falcon – Threat detection by computer | Displays threats detected based on the computers they were found on. |
| Security | CrowdStrike Falcon – Threat detection by category | Displays threats based on categories. |
Saved Searches
| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Detection summary event | Provides details about detection summary events by CrowdStrike Falcon. |
| Security | CrowdStrike Falcon – Quarantined files | Provides details about files quarantined by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – Document access | Provides details about events related to document access as detected by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – AV scan results | Provides details about information obtained from AV scans on endpoints monitored by CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Authentication details | Provides details about authentication related to CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Executable written | Provides details about executables in a detection summary event as discovered by CrowdStrike Falcon. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and CrowdStrike Falcon.
Download the Integration Guide for configuration instructions and more information.