Version 2.4.1
Supported releases: Australia, Zurich, Yokohama, Xanadu
Type: Integration
The CrowdStrike Next-Gen SIEM Ingestion integration automatically retrieves detections from CrowdStrike Next-Gen SIEM, converts them into Security Incident Response (SIR) security incidents, and enables automated response actions.
This integration offers the following key features:
Automated Detection & Incident Creation
- Detect CrowdStrike Next-Gen SIEM detections that are candidates for security incidents and automatically create security incidents in SIR.
Field Mapping for Seamless Data Flow
- Map CrowdStrike Next-Gen SIEM alert and entity fields to SIR security incident fields for consistent and structured incident handling.
Advanced Filtering Capabilities
- Filter incoming CrowdStrike Next-Gen SIEM detections based on defined criteria to ingest only relevant security incidents.
Smart Incident Aggregation
- Group similar CrowdStrike detections under existing open security incidents to avoid duplication and reduce operational overhead.
Scheduled Alert Ingestion
- Ingest CrowdStrike detections into SIR at scheduled intervals to ensure regular and timely updates.
Comment Synchronization
- Synchronize comments between CrowdStrike detections and SIR worknotes to maintain complete visibility and effective communication within incident workflows.
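The ingestion flow that the feature list describes (filter incoming detections, map their fields onto a security incident, group repeats under an existing open incident, and advance a watermark between scheduled runs), as an added example. This is not the app's own code and uses none of the ServiceNow or CrowdStrike APIs; the detection records, the incident field names, the severity mapping and the correlation key (host plus detection name) are assumptions chosen for the illustration.

```javascript
// Added illustration of the ingestion flow; not the CrowdStrike Next-Gen SIEM
// Ingestion app's own code, and no ServiceNow/CrowdStrike API is called.
// Detection shape, incident fields and severity mapping are assumptions.

// Constructed sample detections, loosely shaped like NG-SIEM detection records.
const SAMPLE_DETECTIONS = [
  { id: 'det-1', timestamp: '2025-01-10T08:00:00Z', severity: 'critical',
    hostname: 'WS-0142', name: 'Credential Dumping', tactic: 'Credential Access' },
  { id: 'det-2', timestamp: '2025-01-10T08:01:00Z', severity: 'informational',
    hostname: 'WS-0142', name: 'Suspicious Process', tactic: 'Execution' },
  { id: 'det-3', timestamp: '2025-01-10T08:05:00Z', severity: 'high',
    hostname: 'WS-0142', name: 'Credential Dumping', tactic: 'Credential Access' },
  { id: 'det-4', timestamp: '2025-01-10T08:07:00Z', severity: 'high',
    hostname: 'SRV-DB01', name: 'Lateral Movement', tactic: 'Lateral Movement' },
  { id: 'det-5', timestamp: '2025-01-09T23:00:00Z', severity: 'high',
    hostname: 'SRV-DB01', name: 'Lateral Movement', tactic: 'Lateral Movement' },
];

// Constructed incidents already in SIR: one open (absorbs repeats) and one
// closed (must not absorb repeats; a fresh incident is raised instead).
const EXISTING_INCIDENTS = [
  { number: 'SIR0001', state: 'open', key: 'SRV-DB01|Lateral Movement',
    severity: 2, child_detections: ['det-0'] },
  { number: 'SIR0002', state: 'closed', key: 'WS-0142|Credential Dumping',
    severity: 1, child_detections: ['det-old'] },
];

const SEVERITY_RANK = { informational: 0, low: 1, medium: 2, high: 3, critical: 4 };
// CrowdStrike severity -> SIR severity (1 = High, 2 = Medium, 3 = Low); assumed mapping.
const SIR_SEVERITY = { critical: 1, high: 1, medium: 2, low: 3, informational: 3 };

// Filtering: drop anything below the configured severity, in an excluded
// tactic, or not newer than the watermark left by the previous scheduled run.
function passesFilter(det, filter) {
  if (SEVERITY_RANK[det.severity] < SEVERITY_RANK[filter.minSeverity]) return false;
  if ((filter.excludeTactics || []).includes(det.tactic)) return false;
  if (filter.since && det.timestamp <= filter.since) return false;
  return true;
}

// Aggregation key: same host and same detection name land in one incident.
function correlationKey(det) {
  return `${det.hostname}|${det.name}`;
}

// Field mapping: one detection becomes one new SIR record.
function mapToIncident(det, number) {
  return {
    number,
    state: 'open',
    key: correlationKey(det),
    short_description: `${det.name} on ${det.hostname}`,
    severity: SIR_SEVERITY[det.severity],
    cmdb_ci: det.hostname,
    correlation_id: det.id,
    child_detections: [det.id],
  };
}

// One scheduled ingestion pass: filter, then group under an open incident with
// the same key or create a new one. Open incidents are updated in place.
// Returns what happened to each detection and the watermark for the next run.
function ingest(detections, existingIncidents, filter) {
  const openByKey = new Map(
    existingIncidents.filter(i => i.state === 'open').map(i => [i.key, i]));
  const result = { created: [], grouped: [], skipped: [], since: filter.since || '' };
  let nextNumber = existingIncidents.length + 1; // simplified numbering
  for (const det of detections) {
    if (!passesFilter(det, filter)) { result.skipped.push(det.id); continue; }
    const open = openByKey.get(correlationKey(det));
    if (open) {
      open.child_detections.push(det.id);
      // A more severe repeat escalates the incident (lower number = more severe).
      open.severity = Math.min(open.severity, SIR_SEVERITY[det.severity]);
      result.grouped.push({ detection: det.id, incident: open.number });
    } else {
      const inc = mapToIncident(det, `SIR${String(nextNumber++).padStart(4, '0')}`);
      openByKey.set(inc.key, inc);
      result.created.push(inc);
    }
    if (det.timestamp > result.since) result.since = det.timestamp;
  }
  return result;
}

// Example run over the constructed data. A real run would page detections
// from the NG-SIEM API and persist `since` between scheduled executions.
const RUN = ingest(SAMPLE_DETECTIONS, EXISTING_INCIDENTS,
  { minSeverity: 'medium', excludeTactics: [], since: '2025-01-10T00:00:00Z' });
```

In the run above det-2 is dropped by the severity filter and det-5 by the watermark, det-1 opens a new incident because the only matching incident is closed, det-3 is grouped under that new incident, and det-4 is grouped under the already open SIR0001 and escalates its severity. Whatever key the real app correlates on, the same two checks matter: only open incidents absorb repeats, and a repeat can raise, never lower, the incident's severity.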
Fixed:
Security incidents were not being created from SIEM ingestion because of a "Secure Notes" access issue with the Crypto module after the Yokohama upgrade, when the required System Module Access policy was not in place.
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges to install them, raise a support ticket.
- After installing those plugins, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin.