The CrowdStrike Falcon Endpoint for Security Operations app on ServiceNow lets users integrate alert and detection data from the Falcon platform into their incident response process by creating security incidents within the ServiceNow Security Operations module. The application is an extension to the CrowdStrike Falcon Endpoint app (which must be installed first) and automates workflows by sending endpoint security events discovered within the CrowdStrike Falcon platform into ServiceNow for centralized investigations and faster time to resolution.
The CrowdStrike Falcon endpoint protection platform provides cloud-delivered Next-Generation Anti-Virus, EDR, IT Hygiene and Managed Hunting in a single sensor. CrowdStrike Falcon protects customers against advanced cyber attacks, using sophisticated signatureless artificial intelligence/machine learning and Indicator of Attack (IOA) based threat prevention to stop known and unknown threats in real time.
- Automate security incident creation within ServiceNow based on malicious endpoint event activity detected by the CrowdStrike Falcon platform
- Accelerate investigations within ServiceNow by bringing back all relevant endpoint event activity captured by CrowdStrike
- Enable security teams to quickly perform remediation tasks before an incident results in a breach
- Unify security and IT to accelerate threat prioritization and response
This release adds the following:
- Support for Endpoint Alerts from CrowdStrike
Security Operations - Incident Management
CrowdStrike Falcon Endpoint Application