How to Integrate CrowdStrike with AWS Security Hub

Introduction

CrowdStrike has crafted a highly extensible platform that allows customers and partners alike to leverage APIs with other security solutions products. In this video and article, we will take a look at CrowdStrike’s integration with the AWS Security Hub platform.

Video

Getting Started

Before setting up the integration in your AWS account, there are a few prerequisite steps. These steps are covered in more detail in the configuration guide.

1. To get started with the CrowdStrike API, you’ll want to first define the API client and set its scope. Refer to this guide to getting access to the CrowdStrike API for setting up a new API client key. For the new API client, make sure the scope includes the following:
   • Event Streams – Read
2. Contact the Integration team at : FIG-AWS-SH@crowdstrike.com 
   1. Request the AMI image to be shared by providing an account number and region.
   2. Review the provided Cloud Formation template and apply it to your environment
   3. Deploy the shared AMI Image

Once the image is launched, enter the API information according to the guide making sure to enter your account ARNs (Amazon Resource Names) as well.

 

How can customers use CrowdStrike event data within the Security Hub interface?

Once you have installed and configured the Security Hub integration, the AMI you launch will begin to send real time CrowdStrike Events to Security Hub. This allows you to view new threats at a glance.

 

You will be able to click into a detection to view more information about it, such as its severity and relevant metadata surrounding the event.

 

Conclusion

CrowdStrike’s integration with AWS Security Hub heightens the usability of Falcon event data allowing your incident responders to quickly identify and complete remediation of threats on your endpoints. Our API first approach makes it possible for you to leverage the CrowdStrike event data as needed to optimize your workflows and maximize the efforts of your overworked security staff.

 

More resources

• CrowdStrike 15-Day Free Trial
• CrowdStrike Tech Center
• Sign up for a weekly Falcon demo
• Request a 1:1 Demo
• Guide to AV Replacement
• CrowdStrike Products
• White Paper on Falcon OverWatch

 

Content provided by Dixon Styres