CrowdStrike has crafted a highly extensible platform that allows customers and partners alike to leverage APIs with other security solutions products. In this video and article, we will take a look at CrowdStrike’s integration with the AWS Security Hub platform.
Before setting up the integration in your AWS account, there are a few prerequisite steps. These steps are covered in more detail in the configuration guide.
- Contact the CrowdStrike support team at firstname.lastname@example.org to request the enablement of your Streaming API if this has not been done already.
- Contact the Integration team at : FIG-AWS-SH@crowdstrike.com
- Request the AMI image to be shared by providing an account number and region.
- Review the provided Cloud Formation template and apply it to your environment
- Deploy the shared AMI Image
Once the image is launched, enter the API information according to the guide making sure to enter your account ARNs (Amazon Resource Names) as well.
How can customers use CrowdStrike event data within the Security Hub interface?
Once you have installed and configured the Security Hub integration, the AMI you launch will begin to send real time CrowdStrike Eventsto Security Hub. This allows you to view new threats at a glance.
You will be able to click into a detection to view more information about it, such as its severity and relevant metadata surrounding the event.
CrowdStrike’s integration with AWS Security Hub heightens the usability of Falcon event data allowing your incident responders to quickly identify and complete remediation of threats on your endpoints. Our API first approach makes it possible for you to leverage the CrowdStrike event data as needed to optimize your workflows and maximize the efforts of your overworked security staff.
- CrowdStrike 15-Day Free Trial
- CrowdStrike Tech Center
- Sign up for a weekly Falcon demo
- Request a 1:1 Demo
- Guide to AV Replacement
- CrowdStrike Products
- White Paper on Falcon OverWatch
Content provided by Dixon Styres