CrowdStrike Falcon Intelligence
Develop insights into the identity, motives, and techniques of advanced adversaries. Leverage strategic and actionable intelligence to respond to current threats and plan for threats in the future. Gain context into activity that requires immediate attention.

Malware Submission: Provide malware samples and receive customized and actionable intelligence reporting
Reporting: Detailed technical and strategic analysis of 50+ adversaries’ capabilities, indicators and tradecraft, attribution, and intentions
Actionable Intelligence: Customizable feeds and proactive indicators integrate with existing security infrastructure
Adversary Profiles: Unlimited access to profiles of all adversaries tracked by the CrowdStrike Global Intelligence Team
Tailored Intelligence: Visibility into breaking events that matter to an organization’s brand, infrastructure, and customers
Benefits
Integrate with rich APIs to customize defense strategies
Develop informed tactics for current threats, and plan for threats that may exist in the future.
Align business initiatives and adjust defensive posture when key business drivers are occurring
Leverage real-time information about current intrusion or fraud activity detected on external networks.
Leverage real-time operational support for responses to security events

How it Works

  • Step One: All-Source Methodology
    Multi-source methodology and proprietary collection sources provide unparalleled access to raw intelligence.
  • Step Two: Intelligence Analysis
    World-class human analysts and automation tools consume raw intelligence and process it into finished intelligence.
  • Step Three: Reporting
    Consume detailed technical, strategic, and tailored analysis through a web-based portal.
  • Step Four: Operationalizing Intelligence
    Incorporate actionable intelligence feeds into existing enterprise security infrastructure. Identify adversary malware and command & control channels.
  • Step Five: Actionable Threat Intelligence
    Incorporate CrowdStrike Falcon Intelligence into pen testing, security operations, user awareness, and incident response.

FAQs

Is the intelligence content customized or tailored for an individual customer?

Customers can submit data through the portal to the CrowdStrike Intelligence Team; this can include email, binary samples, or pcaps. Tailored Intelligence allows customers to define keywords for key personnel, products, and IP/domain addresses.

What roles typically consume your intelligence content?

Security Operations Centers, Cyber Threat Intelligence Teams, and C-Level Customers

Is there an API?

The Falcon Intelligence API is a RESTful API that returns easy-to-consume JSON-formatted data. The API is accessible for customized integration with a wide range of products, from SIEM to data visualization.

Is there a way to submit malware samples or suspicious files?

Suspicious files can be submitted directly through the Falcon Intelligence portal.

Do the reports include analyst comments or suggestions for investigation?

Yes, all reports or alerts provided to the customer include analyst comments and additional investigation suggestions.

Technical Specs

Intelligence feed formats: RAW (CSV), Yara, Snort/Suricata, NetWitness, CEF, STIX