CrowdStrike® Falcon Intelligence™ provides enterprises with insights into the identity, motives, and techniques of advanced adversaries through strategic, customized, and actionable intelligence. It enables organizations to prioritize resources by differentiating between targeted and commodity attacks, saving time and allowing resources to be focused on critical threats. The insights Falcon Intelligence provides into adversary tools, tactics, and procedures (TTPs) enable analysts to identify pending attacks and automatically feed threat intelligence via API, SIEM, and third-party security tools.
The ThreatConnect® integration with CrowdStrike Falcon Intelligence allows ThreatConnect customers to import information Reports, Indicators, and Actors, along with all of their context, from the CrowdStrike Falcon Intelligence feed into ThreatConnect.
The following Indicator types are currently supported: Address, Email Address, File, Host, URL, Email Subject (custom), Mutex, and Registry Key. Indicators are associated with Reports and Adversaries in ThreatConnect. Reports are also associated with Adversaries in ThreatConnect.