Endpoint Security and Protection API: Falcon Connect
HARNESSING THE POWER OF THE CROWDSTRIKE FALCON PLATFORM
CrowdStrike® is committed to making the Falcon platform both open and extensible — allowing customers and partners to easily integrate with CrowdStrike and extend their current solutions’ functionalities.
Falcon Connect is CrowdStrike’s collection of the APIs, applications and tools needed to develop, integrate and extend the use of the CrowdStrike Falcon® platform, alone and with other security platforms and tools.
FALCON CONNECT PROVIDES A RICH SET OF RESOURCES TO FULLY LEVERAGE THE CROWDSTRIKE FALCON PLATFORM
Falcon Streaming API — Obtain a near real-time stream of detections, alerts and audit events. Can be ingested into a SIEM for correlation and triage.
Falcon Data Replicator API — Complete event data which can be ingested into local data warehouses or logging applications.
Falcon Threat Graph API — See the relationships between indicators of compromise (IOCs), devices, and processes. Visualize relationships with tools such as Maltego.
Falcon Query API — Query the Falcon platform to search for indicators of attack (IOAs) and IOCs in these key areas:
Custom IOCs — Upload customized IOCs for the CrowdStrike cloud to detect.
Devices — Query the Falcon cloud to search for detailed device information.
Investigate — Hunt for indicators that have been seen in your environment and drill down to affected devices and processes.
Respond — Manage detection statuses per your requirements.
Falcon Intel API — Obtain access to indicators, adversaries, reports, and custom intelligence alerts.
The CrowdStrike Falcon platform provides a rich set of tools to develop and deliver compelling and powerful applications that help security professionals and teams unleash the power of the Falcon platform. Here are some examples of applications that leverage the Falcon platform:
Falcon Orchestrator — Provides enhanced workflow automation and remediation capabilities using the Falcon platform. This application improves the overall effectiveness and efficiency of security and IT teams in conducting their security practices and operations in the areas of account containment, file extraction, remediation, asset monitoring and forensics. Falcon Orchestrator is available as an open source application for SOC analysts.
Falcon SIEM Connector — Streamlines the process of connecting to the CrowdStrike Falcon Streaming API and importing the data into SIEMs and other log management tools. The application automatically connects to the CrowdStrike Falcon platform, managing and normalizing the data into formats that are immediately usable by SIEMs such as JSON, CEF, and LEEF.
CrowdStrike provides tools and resources to enable customers, partners and developers to benefit from our technology and experience:
Community Tools — A collection of resources encompassing vulnerability scanning, forensic collection, deobfuscation, and process inspection
Github Repository — A collection of scripts, source code, libraries and tools covering a variety of security and CrowdStrike-related areas