CrowdStrike Integration

Crest built an app for Falcon Endpoint that reduces security incident exposure with automatic responses.

Executive Summary

CrowdStrike customers used to write custom scripts to pull IOC data into Splunk for further analysis. They had to set up appropriate rules to correlate across various datasets. A Splunk app would simplify this entire operation and help customers to get near real-time alerting on their own IOCs.

About Customer

CrowdStrike, Inc. is an American cybersecurity technology company based in Sunnyvale, California, and a wholly owned subsidiary of CrowdStrike Holdings, Inc. The company provides endpoint security, threat intelligence, and incident response services to customers in more than 170 countries.

Business Challenge

CrowdStrike customers used to write custom scripts to pull IOC data into Splunk for further analysis. They had to set up appropriate rules to correlate across various data sets. A Splunk app would simplify this entire operation and help customers get near real-time alerting on their own IOCs. When security teams need to find and resolve breaches quickly, before business is impacted, the Splunk Enterprise Security (ES) solution can help with an Adaptive Response Framework that automates workflow-based processes across heterogeneous environments.

Customer Solution

Splunk Infrastructure Management: Crest Data Systems wrote a Splunk app for Falcon Endpoint that allows Splunk admins to collect malware event logs using modular inputs. This malware data can be analyzed or used as a contextual data feed to correlate with other malware-related data in the Splunk platform. Crest also helped build conceptual views of malware event data and upload their own IOC data to the Falcon platform using Splunk Adaptive Response (AR). The following actions were implemented:

The Crest Difference

Splunk ES Integration helped:
