Set up the CrowdStrike integration.
Goal
Detect when CrowdStrike raises an alert.
Strategy
CrowdStrike provides a centralized platform for monitoring and managing security-related notifications, alerts, and actions across endpoints and cloud workloads. This rule uses the third-party detection method to raise a signal for the following CrowdStrike event types:
- DetectionSummaryEvent
- FirewallMatchEvent
- IdentityProtectionEvent
- IdpDetectionSummaryEvent
- IncidentSummaryEvent
Triage and response
- Investigate the CrowdStrike alert to determine whether it is malicious or benign.
- If the alert is benign, consider adding the user, host, or IP address to a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.
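The following is an added example, not code from this page or from Datadog or CrowdStrike, showing the two pieces of logic described above run over constructed sample events: matching on the five event types listed under Strategy, then dropping matches whose user, host, or IP address appears on a suppression list as described under Triage and response. The events are shaped like the CrowdStrike Event Streams API payload (an event type under `metadata.eventType` plus an `event` body); the field names inside the body (`ComputerName`, `UserName`, `LocalIP`) and the sample values are assumptions for illustration.

```python
import json

# The event types the rule matches, as listed on the page.
MATCHED_EVENT_TYPES = {
    "DetectionSummaryEvent",
    "FirewallMatchEvent",
    "IdentityProtectionEvent",
    "IdpDetectionSummaryEvent",
    "IncidentSummaryEvent",
}

# Constructed sample events (not real telemetry). The outer shape follows the
# CrowdStrike Event Streams API; the body field names are assumptions.
SAMPLE_EVENTS = [
    '{"metadata": {"eventType": "DetectionSummaryEvent"}, "event": {"ComputerName": "WS-0421", "UserName": "alice", "LocalIP": "10.1.2.3", "Severity": 4}}',
    '{"metadata": {"eventType": "UserActivityAuditEvent"}, "event": {"UserId": "admin@example.com", "OperationName": "createUser"}}',
    '{"metadata": {"eventType": "FirewallMatchEvent"}, "event": {"ComputerName": "SRV-DB01", "LocalIP": "10.9.8.7", "RuleName": "block-outbound-smb"}}',
    '{"metadata": {"eventType": "IncidentSummaryEvent"}, "event": {"ComputerName": "scanner-01", "UserName": "svc_scanner", "LocalIP": "10.0.0.50", "FineScore": 30}}',
    '{"metadata": {"eventType": "AuthActivityAuditEvent"}, "event": {"UserId": "bob@example.com"}}',
    'not json at all',
]

# Entities already triaged as benign; a hit on any one of them suppresses the
# signal. The service account below is a constructed example.
SUPPRESSION_LIST = {
    "users": {"svc_scanner"},
    "hosts": set(),
    "ips": set(),
}


def is_matched_event(event: dict) -> bool:
    """True when the event type is one the rule fires on."""
    return event.get("metadata", {}).get("eventType") in MATCHED_EVENT_TYPES


def is_suppressed(event: dict, suppression: dict) -> bool:
    """True when the user, host, or IP of the event is on the suppression list."""
    body = event.get("event", {})
    return (
        body.get("UserName") in suppression["users"]
        or body.get("ComputerName") in suppression["hosts"]
        or body.get("LocalIP") in suppression["ips"]
    )


def detect(raw_lines, suppression=SUPPRESSION_LIST):
    """Return one signal per matched, non-suppressed event.

    Malformed lines are skipped rather than failing the whole batch, so one bad
    record cannot hide the detections around it.
    """
    signals = []
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not is_matched_event(event) or is_suppressed(event, suppression):
            continue
        body = event.get("event", {})
        signals.append({
            "event_type": event["metadata"]["eventType"],
            "host": body.get("ComputerName"),
            "user": body.get("UserName"),
            "ip": body.get("LocalIP"),
        })
    return signals


if __name__ == "__main__":
    for signal in detect(SAMPLE_EVENTS):
        print(signal)
```

With the sample input, the audit events are ignored because their type is not in the list, the `IncidentSummaryEvent` from the scanner account is dropped by the suppression list, and the remaining two events become signals. Passing an empty suppression list restores the third signal, which is the check to run after adding an entry so you can confirm the suppression is as narrow as intended.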