Set up the crowdstrike integration.
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
Goal
Detect when Crowdstrike raises an alert.
Strategy
CrowdStrike provides a centralized platform for monitoring and managing security-related notifications, alerts, and actions across endpoints and cloud workloads. This rule uses the third-party detection method to identify the following Crowdstrike events:
- DetectionSummaryEvent
- FirewallMatchEvent
- IdentityProtectionEvent
- IdpDetectionSummaryEvent
- IncidentSummaryEvent
Triage and response
- Investigate the Crowdstrike alert to determine if it is malicious or benign.
- If the alert is benign, consider including the user, host or IP address in a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.