Version 100 of the "CrowdStrike Falcon Automation" PowerPack is the initial version of the PowerPack. This PowerPack introduces an example credential, run book automation policies, run book action policies, and event policies to configure to notify users about events.
This PowerPack works with the "CrowdStrike Falcon Automation" SyncPack.
Before You Install
Ensure that you are running version 11.2.0 or later of SL1 before installing "CrowdStrike Falcon Automation" PowerPack version 100.
For details on upgrading SL1, see the relevant SL1 Platform Release Notes.
Installation Process
To install this PowerPack:
- Search for and download the PowerPack from the PowerPacks page (Product Downloads > PowerPacks & SyncPacks) at the ScienceLogic Support Site.
- In SL1, go to the PowerPacks page (System > Manage > PowerPacks).
- Click the Actions menu and choose Import PowerPack. The Import PowerPack modal appears.
- Click and navigate to the PowerPack file from step 1.
- Select the PowerPack file and click . The PowerPack Installer modal displays a list of the PowerPack contents.
- Click . The PowerPack is added to the PowerPack Manager page.
Features
This release includes the following features:
- An example SOAP/XML credential that you can use as a template to send information to PowerFlow: "PowerFlow Crowdstrike".
- A run book automation policy that lets CrowdStrike automatically update SL1 events: "CrowdStrike: Clear Detection ID".
- A run book action policy that integrates with CrowdStrike to automatically update SL1 events: "CrowdStrike: Clear Detection ID".
- An event policy to trigger SL1 events detected by the applications included in the CrowdStrike SyncPack: "CrowdStrike: Alert to Event".
Known Issues
This release has no known issues.