How to Integrate CrowdStrike with AWS Security Hub


CrowdStrike has crafted a highly extensible platform that allows customers and partners alike to leverage APIs with other security solutions products. In this video and article, we will take a look at CrowdStrike’s integration with the AWS Security Hub platform.


Getting Started

Before setting up the integration in your AWS account, there are a few prerequisite steps. These steps are covered in more detail in the configuration guide.

  1. To get started with the CrowdStrike API, you’ll want to first define the API client and set its scope. Refer to this guide to getting access to the CrowdStrike API for setting up a new API client key. For the new API client, make sure the scope includes the following:
    • Event Streams – Read
  2. Contact the Integration team at : 
    1. Request the AMI image to be shared by providing an account number and region.
    2. Review the provided Cloud Formation template and apply it to your environment
    3. Deploy the shared AMI Image

Once the image is launched, enter the API information according to the guide making sure to enter your account ARNs (Amazon Resource Names) as well.


How can customers use CrowdStrike event data within the Security Hub interface?

Once you have installed and configured the Security Hub integration, the AMI you launch will begin to send real time CrowdStrike Events to Security Hub. This allows you to view new threats at a glance.

AWS Security Hub event list


You will be able to click into a detection to view more information about it, such as its severity and relevant metadata surrounding the event.

AWS security hub link



CrowdStrike’s integration with AWS Security Hub heightens the usability of Falcon event data allowing your incident responders to quickly identify and complete remediation of threats on your endpoints. Our API first approach makes it possible for you to leverage the CrowdStrike event data as needed to optimize your workflows and maximize the efforts of your overworked security staff.


More resources


Content provided by Dixon Styres

CrowdStrike Falcon Free Trial

Try CrowdStrike Free for 15 Days Get Started with A Free Trial