This SyncPack uses the "CrowdStrike Integration" PowerPack.
What Can I Do with this SyncPack?
The "CrowdStrike Falcon" SyncPack lets you sync Skylar One events and CrowdStrike Falcon detections (security events). You can configure the automation policies in the "CrowdStrike Falcon Automation" PowerPack to pull events from CrowdStrike into Skylar One for use in event correlation and incident management.
Integration with the CrowdStrike Falcon platform allows security teams to accelerate operations by improving threat detection accuracy through a single interface. When a security detection occurs within the Falcon platform, such as potential malware on a device, the detection will be automatically sent to Skylar One as an event. From there, Skylar One can simultaneously create an incident to document the issue and trigger a response as defined by rules set by an administrator.
This SyncPack includes the following integrations:
- Fetch Detections from CrowdStrike and Send Alert to Skylar One. This application acquires tokens and New Detections from CrowdStrike and creates alerts for Skylar One.
- Clear Detection from Cache. This application acquires and saves event details to send to Skylar One.
 
Contents of the SyncPack
This section lists the contents of the "CrowdStrike Falcon" SyncPack.
PowerFlow Applications
- Fetch Detections from CrowdStrike and Send Alert to Skylar One. This application acquires tokens and New Detections from CrowdStrike and creates alerts for Skylar One.
- Clear Detection from Cache. This application acquires and saves event details to send to Skylar One.
 
For more information about how to configure these applications, see Configuring Applications for the CrowdStrike Falcon SyncPack.
Configuration Object
- CrowdStrike Sample Configuration. This configuration object can be used as a template after the SyncPack is installed on the PowerFlow system.
 
Steps
The following steps are included in this SyncPack:
- Fetch Detections and Generate Payloads for Skylar One
- Fetch New Detections from CrowdStrike
- Get Alerted Detections from Cache
- Get Each Detection and Create Skylar One Alerts
- Get Event Details and Clear Detections ID