How to Integrate CrowdStrike with AWS Security Hub

Introduction

CrowdStrike has crafted a highly extensible platform that allows customers and partners alike to leverage APIs with other security solutions and products. In this video and article, we will take a look at CrowdStrike’s integration with the AWS Security Hub platform.

Getting Started

Before setting up the integration in your AWS account, there are a few prerequisite steps. These steps are covered in more detail in the configuration guide.

  1. Contact the CrowdStrike support team at support@crowdstrike.com to request that your Streaming API be enabled, if this has not been done already.
  2. Contact the Integration team at FIG-AWS-SH@crowdstrike.com:
    1. Request that the AMI be shared with you by providing an account number and region.
    2. Review the provided CloudFormation template and apply it to your environment.
    3. Deploy the shared AMI.

Once the image is launched, enter the API information according to the guide, making sure to enter your account ARNs (Amazon Resource Names) as well.

How can customers use CrowdStrike event data within the Security Hub interface?

Once you have installed and configured the Security Hub integration, the instance launched from the AMI will begin to send real-time CrowdStrike events to Security Hub. This allows you to view new threats at a glance.

AWS Security Hub event list

You will be able to click into a detection to view more information about it, such as its severity and relevant metadata surrounding the event.

AWS Security Hub link

Conclusion

CrowdStrike’s integration with AWS Security Hub heightens the usability of Falcon event data, allowing your incident responders to quickly identify threats on your endpoints and complete their remediation. Our API-first approach makes it possible for you to leverage CrowdStrike event data as needed to optimize your workflows and maximize the efforts of your overworked security staff.

Content provided by Dixon Styres
