CrowdStrike Falcon

Version: CrowdStrike Falcon Antivirus sensor version 6.3x and above.

CrowdStrike Falcon is a Security-as-a-Service (SaaS) endpoint protection solution that provides protection against malware and sophisticated attacks.

Netsurion Open XDR manages the logs retrieved from CrowdStrike Falcon. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR use these logs to capture suspicious activity reported by the sensor.

The following are the key assets included with this Data Source Integration.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Detection summary event | Generated whenever CrowdStrike Falcon detects suspicious activity or triggers a malware-related event. |
| Security | CrowdStrike Falcon – File quarantined | Generated whenever CrowdStrike Falcon quarantines a file. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Threat detected | Provides details about threats in a detection summary event as detected by CrowdStrike Falcon. |
| Security | CrowdStrike Falcon – Quarantined files | Provides details about files quarantined by CrowdStrike Falcon. |
| Security | CrowdStrike Falcon – Other detected threat | Provides details about miscellaneous threats detected by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – AV scan results | Provides details about results from AV scans performed by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – Document access | Provides details about access to documents as part of a detection summary by CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Authentication details | Provides details about user authentication as monitored by CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Executable written | Provides details about executables in a detection summary by CrowdStrike Falcon. |

Dashboards

| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Threat detection by file name | Displays detected threats grouped by file name. |
| Security | CrowdStrike Falcon – Threat detection by signature | Displays detected threats grouped by signature. |
| Security | CrowdStrike Falcon – Threat detection by computer | Displays detected threats grouped by the computer they were found on. |
| Security | CrowdStrike Falcon – Threat detection by category | Displays detected threats grouped by category. |

Saved Searches

| Type | Name | Description |
|---|---|---|
| Security | CrowdStrike Falcon – Detection summary event | Provides details about detection summary events by CrowdStrike Falcon. |
| Security | CrowdStrike Falcon – Quarantined files | Provides details about files quarantined by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – Document access | Provides details about document access events as detected by CrowdStrike Falcon. |
| Compliance | CrowdStrike Falcon – AV scan results | Provides details about information obtained from AV scans on endpoints monitored by CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Authentication details | Provides details about authentication events reported by CrowdStrike Falcon. |
| Operational | CrowdStrike Falcon – Executable written | Provides details about executables in a detection summary event as discovered by CrowdStrike Falcon. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and CrowdStrike Falcon.

Download the Integration Guide for configuration instructions and more information.