crowdstrike

Classification:

attack

Set up the crowdstrike integration.

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detect when Crowdstrike raises an alert.

Strategy

CrowdStrike provides a centralized platform for monitoring and managing security-related notifications, alerts, and actions across endpoints and cloud workloads. This rule uses the third-party detection method to identify the following Crowdstrike events:

  • DetectionSummaryEvent
  • FirewallMatchEvent
  • IdentityProtectionEvent
  • IdpDetectionSummaryEvent
  • IncidentSummaryEvent

Triage and response

  1. Investigate the Crowdstrike alert to determine if it is malicious or benign.
  2. If the alert is benign, consider including the user, host or IP address in a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.
PREVIEWING: may/unit-testing