2.0.0
Zurich, Yokohama, Xanadu
The CrowdStrike Next-Gen SIEM Ingestion integration allows you to automatically retrieve detections from CrowdStrike, convert them into security incidents, and enable automated response actions.
This integration offers the following key features:
Automated Detection & Incident Creation
- Detect CrowdStrike Next-Gen SIEM detections that are candidates for security incidents and automatically create security incidents in SIR.
Field Mapping for Seamless Data Flow
- Map CrowdStrike Next-Gen SIEM alert and entity fields to SIR security incident fields for consistent and structured incident handling.
Advanced Filtering Capabilities
- Filter incoming CrowdStrike Next-Gen SIEM detections based on defined criteria to ingest only relevant security incidents.
Smart Incident Aggregation
- Group similar CrowdStrike detections under existing open security incidents to avoid duplication and reduce operational overhead.
Scheduled Alert Ingestion
- Ingest CrowdStrike detections into SIR at scheduled intervals to ensure regular and timely updates.
Comment Synchronization
- Synchronize comments between CrowdStrike detections and SIR worknotes to maintain complete visibility and effective communication within incident workflows.
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime, com.glide.hub.action_step.rest plugins first. If the necessary privileges are unavailable, raise a support ticket to install these plugins.
- After installing the plugins, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin.