CrowdStrike Falcon Integration

CrowdStrike Falcon is an Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) offering. CrowdStrike Falcon security events can generate and contribute to correlated incidents in Cisco XDR.

In Cisco XDR, CrowdStrike Falcon users can leverage the integration for threat hunting and investigation as well as for rapid response actions, to understand and defend against threats on the endpoint. The integration also provides important device inventory context to help triage detected threats.

Use the CrowdStrike Falcon integration to query for security detections involving many different observable types, including file, network, email, host, and process identifiers. You can also add MD5 and SHA-256 file hashes, IPv4 and IPv6 addresses, and domain names to blocklists, and isolate specific hosts from the network. In addition, this integration can provide host and vulnerability information to Cisco XDR for triaging detections and incidents.