CrowdStrike Falcon
CrowdStrike Falcon is an Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) offering.
CrowdStrike Falcon is an Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) offering. CrowdStrike security events can generate and contribute to correlated incidents in Cisco XDR.
In Cisco XDR, we enable CrowdStrike users to leverage it for threat hunting and investigation features as well as rapid response actions to understand and defend against threats on the endpoint. It also provides important device inventory context to help triage detected threats.
Use the CrowdStrike integration to query for security detections of many different observables including file, network, email, host, and process identifiers, as well as to add MD5 and SHA-256 file hashes, IPv4 and IPv6 addresses, and domain names to blocklists, and isolate specific hosts from the network. This integration can also provide host and vulnerability information to Cisco XDR for triaging detections and incidents. It also creates a target automatically in Automation for out-of-box workflows.
Note: This integration requires XDR Advantage or XDR Premier licensing tier.
These are workflows that you can install in Cisco XDR automation and use with this integration. These are different from built-in workflows which are built into Cisco XDR by default for all customers.
These workflows are built into Cisco XDR automation and can be used with this integration. These are different from installable workflows, which are optional workflows you can install from Cisco and its partners.
These actions can be used in Cisco XDR automation to build workflows for this product. Workflows can help you automate how you investigate, respond to incidents, and more.