CrowdStrike Integration with Splunk

This app reduces security incident exposure through automated responses and lets teams customize searches, alerts, reports and dashboards for specific business needs.

Executive Summary

CrowdStrike customers used to write custom scripts to pull IOC data into Splunk for further analysis. They had to set up appropriate rules to correlate across various datasets. A Splunk app would simplify this entire operation and help customers to get near real-time alerting on their own IOCs.

Services
  • Enterprise Integrations
  • Managed Services
  • Managed SIEM
Technology and Platform
  • SIEM - Splunk ES

About Client

CrowdStrike, Inc. is an American cybersecurity technology company based in Sunnyvale, California, and a wholly owned subsidiary of CrowdStrike Holdings, Inc. The company provides endpoint security, threat intelligence, and incident response services to customers in more than 170 countries.

Business Challenge

CrowdStrike customers used to write custom scripts to pull IOC data into Splunk for further analysis. They had to set up appropriate rules to correlate across various data sets. A Splunk app would simplify this entire operation and help customers get near real-time alerting on their own IOCs. When security teams need to find and resolve breaches quickly, before business is impacted, the Splunk Enterprise Security (ES) solution can help with its Adaptive Response Framework, which automates workflow-based processes across heterogeneous environments.

Client Solution

Crest Data Systems wrote a Splunk app for Falcon Endpoint that allows Splunk admins to collect malware event logs using modular inputs. This malware data can then be analysed directly or used as a contextual data feed to correlate with other malware-related data in the Splunk platform. Crest also helped build conceptual views of malware event data and enabled customers to upload their own IOC data to the Falcon platform using Splunk Adaptive Response (AR). The following actions were implemented:

  • Upload IOC
  • Change detection status
  • IOC search: Get device count
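The "Upload IOC" action above takes values out of a Splunk search result and pushes them to the Falcon platform, so the action has to decide which field values are actually safe to forward as indicators. The following is an added example written for this page, not code from the Crest app or from CrowdStrike: it classifies and normalizes candidate IOCs from one (constructed) Splunk result row, drops internal addresses and non-IOC fields, de-duplicates, and hands the payload to a hypothetical stand-in client. The IOC type names, field names and the client interface are all assumptions, not the Falcon API.

```python
"""Input validation for a Splunk Adaptive Response "Upload IOC" action.

Added example; not code from the page, Crest or CrowdStrike. It assumes the
action receives one search result row as a dict (field -> value) and must
decide which values may be forwarded as IOCs. FalconClientStub is a
hypothetical stand-in that records what would be uploaded instead of
calling any real API.
"""
import ipaddress
import re

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
# One or more labels (no leading/trailing hyphen) followed by an alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")

# Address ranges that must never be pushed out as threat indicators: private,
# loopback and link-local space would poison detections across every sensor.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Fields of the search result that may carry IOCs (assumed field names).
IOC_FIELDS = ("file_hash", "dest_ip", "src_ip", "dest_host")


def classify_ioc(value):
    """Return (ioc_type, normalized_value), or None if the value is not a usable IOC."""
    v = value.strip().lower()
    if SHA256_RE.match(v):
        return ("sha256", v)
    if MD5_RE.match(v):
        return ("md5", v)
    try:
        ip = ipaddress.ip_address(v)
    except ValueError:
        pass
    else:
        if ip.is_multicast or ip.is_unspecified or any(ip in net for net in INTERNAL_NETS):
            return None
        return ("ipv4" if ip.version == 4 else "ipv6", str(ip))
    if DOMAIN_RE.match(v):
        return ("domain", v)
    return None


def build_ioc_payload(row, fields=IOC_FIELDS, source="splunk-es", action="detect"):
    """Collect unique, validated IOCs from a result row.

    Returns (payload, rejected): payload is the list of IOC records to upload,
    rejected lists (field, raw_value) pairs that were skipped, for the action log.
    """
    seen, payload, rejected = set(), [], []
    for field in fields:
        raw = row.get(field)
        if not raw:
            continue
        ioc = classify_ioc(raw)
        if ioc is None:
            rejected.append((field, raw))
            continue
        if ioc in seen:  # same indicator appearing in two fields
            continue
        seen.add(ioc)
        payload.append({
            "type": ioc[0], "value": ioc[1], "source": source,
            "action": action, "description": f"Splunk field {field}",
        })
    return payload, rejected


class FalconClientStub:
    """Hypothetical stand-in for a Falcon API client; records uploads, sends nothing."""

    def __init__(self):
        self.uploaded = []

    def upload_iocs(self, iocs):
        self.uploaded.extend(iocs)
        return {"resources": [i["value"] for i in iocs]}


def run_upload_ioc(row, client, **kwargs):
    """The action body: validate, then upload only if something survived validation."""
    payload, rejected = build_ioc_payload(row, **kwargs)
    if not payload:
        return {"uploaded": 0, "rejected": rejected}
    resp = client.upload_iocs(payload)
    return {"uploaded": len(resp["resources"]), "rejected": rejected}


# Constructed Splunk result row; 203.0.113.0/24 is the documentation range.
SAMPLE_ROW = {
    "file_hash": "0123456789ABCDEF" * 4,
    "dest_ip": "203.0.113.45",
    "src_ip": "10.0.0.12",
    "dest_host": "MALWARE-Example.test",
    "user": "jsmith",
}

if __name__ == "__main__":
    client = FalconClientStub()
    print(run_upload_ioc(SAMPLE_ROW, client))
    print(client.uploaded)
```

The point of the `rejected` list is that an Adaptive Response action should report what it refused to forward (here the internal source address), so an analyst reviewing the action log can tell a deliberate filter from a silent failure.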

The Crest Difference

Splunk ES integration helped:

  • Reduce security incident exposure by automatic responses
  • Customize searches, alerts, reports, and dashboards for specific business needs
  • Prioritise and act on incidents through centralized logs, alerts, reports, and workflows
