Identity Protection from CrowdStrike gives your team deeper visibility into identity-based attacks and anomalies in real time without requiring the ingestion of log files. It is ideal for organizations that want only identity-based threat incident alerts and threat hunting, but not analytics or automated prevention of threats.
This integration uses a series of API calls to import Identity Incidents, Alert Events, and Related Events from the Falcon Platform. This data is stored locally in ServiceNow, and ITSM or SIR Incidents are created so that teams can respond to and track Identity-Based Events.
CrowdStrike Falcon® Identity Threat Detection (ITD) offers Active Directory Security visibility into all account types with insights and analytics, and detects identity-based attacks or anomalies by comparing live authentication traffic against baseline behaviors and attack patterns. SIR Incidents that correspond to Identity-Based Incidents from CrowdStrike are created in the ServiceNow Platform.
Initial Release
Security Incident Response
Import Sets