How to Integrate CrowdStrike with AWS Security Hub

August 11, 2021

Introduction

CrowdStrike has built a highly extensible platform whose APIs allow customers and partners alike to integrate with other security products. In this video and article, we will take a look at CrowdStrike’s integration with AWS Security Hub.

Getting Started

To get started with the required CrowdStrike API, the first step is to define the API client and set its scope. This article addresses setting access and setting up a new API client key. In addition, complete API documentation is available in the Falcon user interface. The new API client will require the following scopes:

    • Event Streams API – Read
    • Hosts API – Read
    • Sensor Download API – Read

The detailed configuration steps as well as the architecture, data flow and installation are documented in the integration guide.

How can customers use CrowdStrike event data within the Security Hub interface?

Once you have installed and configured the Security Hub integration, the AMI you launch will begin sending real-time CrowdStrike events to Security Hub. This allows you to view new threats at a glance.

[Image: AWS Security Hub Findings]

You will be able to click into a detection to view more information about it, such as its severity and relevant metadata surrounding the event.

[Image: AWS Security Hub Findings Active]

Conclusion

CrowdStrike’s integration with AWS Security Hub makes Falcon event data more usable, allowing your incident responders to quickly identify and remediate threats on your endpoints. Our API-first approach makes it possible for you to use CrowdStrike event data as needed to optimize your workflows and maximize the efforts of your overworked security staff.

Content provided by Dixon Styres
