CrowdStrike Falcon Intelligence
Develop insights into the identity, motives, and techniques of advanced adversaries. Leverage strategic and actionable intelligence to respond to current threats and plan for threats in the future. Gain context into activity that requires immediate attention.
Integrate with rich APIs to customize defense strategies
Develop informed tactics for current threats, and plan for threats that may exist in the future.
Align business initiatives and adjust defensive posture when key business drivers are occurring
Leverage real-time information about current intrusion or fraud activity detected on external networks.
Leverage real-time operational support for responses to security events
Step 1: All-Source Methodology
Multi-source methodology and proprietary collection sources provide unparalleled access to raw intelligence
Step 2: Intelligence Analysis
World-class human analysts and automation tools consume raw intelligence and process it into finished intelligence.
Step 3: Reporting
Consume detailed technical, strategic, and tailored analysis through a web-based portal
Step 4: Operationalizing Intelligence
Incorporate actionable intelligence feeds into existing enterprise security infrastructure. Identify adversary malware and command & control channels.
Step 5: Actionable Threat Intelligence
Incorporate CrowdStrike Falcon Intelligence into pen testing, security operations, user awareness, and incident response
Customers can submit data to the portal which reaches the CrowdStrike Intelligence Team, this can include email, binary samples, or pcaps. Tailored Intelligence allows customers to define keywords for key personnel, products, and ip/domain addresses.
Security Operations Centers, Cyber Threat Intelligence Teams, and C-Level Customers
The Falcon Intelligence API is a RESTful API that returns easy to consume JSON formatted data.The API is accessible for customized integration with a wide range of products ranging from SEIM to data visualization.
Suspicious files can be submitted directly through the Falcon Intelligence portal.
Yes, all reports or alerts provided to the customer include Analyst comments and additional investigation suggestions.