CrowdStrike Falcon Intelligence Integration User Guide

Last Updated: Jul 24, 2019 07:59AM EDT

CrowdStrike® Falcon Intelligence™ provides enterprises with insights into the identity, motives, and techniques of advanced adversaries through strategic, customized, and actionable intelligence. It enables organizations to prioritize resources by differentiating between targeted and commodity attacks, saving time and allowing resources to be focused on critical threats. The insights Falcon Intelligence provides into adversary tools, tactics, and procedures (TTPs) enable analysts to identify pending attacks and automatically feed threat intelligence via API, SIEM, and third-party security tools.

The ThreatConnect® integration with CrowdStrike Falcon Intelligence allows ThreatConnect customers to import information Reports, Indicators, and Actors, along with all of their context, from the CrowdStrike Falcon Intelligence feed into ThreatConnect.

The following Indicator types are currently supported: Address, Email Address, File, Host, URL, Email Subject (custom), Mutex, and Registry Key. Indicators are associated with Reports and Adversaries in ThreatConnect. Reports are also associated with Adversaries in ThreatConnect.

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found