CrowdStrike Falcon Intelligence
Develop insights into the identity, motives, and techniques of advanced adversaries. Leverage strategic and actionable intelligence to respond to current threats and plan for threats in the future. Gain context into activity that requires immediate attention.

Malware Submission: Provide malware samples and receive customized and actionable intelligence reporting
Reporting: Detailed technical and strategic analysis of 50+ adversaries’ capabilities, indicators and tradecraft, attribution, and intentions
Actionable Intelligence: Customizable feeds and proactive indicators integrate with existing security infrastructure
Adversary Profiles: Unlimited access to profiles of all adversaries tracked by the CrowdStrike Global Intelligence Team
Tailored Intelligence: Visibility into breaking events that matter to an organization’s brand, infrastructure, and customers


  • Integrate with rich APIs to customize defense strategies

  • Develop informed tactics for current threats, and plan for threats that may exist in the future.

  • Align business initiatives and adjust defensive posture when key business drivers are occurring

  • Leverage real-time information about current intrusion or fraud activity detected on external networks.

  • Leverage real-time operational support for responses to security events


Is the intelligence content customized or tailored for an individual customer?

Customers can submit data to the portal which reaches the CrowdStrike Intelligence Team, this can include email, binary samples, or pcaps. Tailored Intelligence allows customers to define keywords for key personnel, products, and ip/domain addresses.

What roles typically consume your intelligence content?

Security Operations Centers, Cyber Threat Intelligence Teams, and C-Level Customers

Is there an API?

The Falcon Intelligence API is a RESTful API that returns easy to consume JSON formatted data.The API is accessible for customized integration with a wide range of products ranging from SEIM to data visualization.

Is there a way to submit malware samples or suspicious files?

Suspicious files can be submitted directly through the Falcon Intelligence portal.

Do the reports include analyst comments or suggestions for the investigation?

Yes, all reports or alerts provided to the customer include Analyst comments and additional investigation suggestions.

Technical Specs


Intelligence feed formats: RAW (CSV), Yara, Snort/Suricata, NetWitness, CEF, STIX