CrowdStrike Threat Graph

The industry’s leading cloud-scale AI brain behind the CrowdStrike® Security Cloud predicts and prevents modern threats in real time.


Advantages of Threat Graph

  • Comprehensive Data Sets

    Continuous high-fidelity telemetry with forensic-level detail across endpoints and workloads distributed across the network edge and hybrid cloud infrastructure — including Windows, macOS, and Linux, together with cloud-native storage for always-on data availability.

  • Cloud-Scale Analytics

    Contextual relationship derivation with ML algorithms and deep analytics across billions of disjoint and siloed data elements allows fast, on-demand search and query across real-time and historical data for speedy investigation and response.

  • Real-Time Attack Visibility

    Real-time visibility with instant access to enriched data and intuitive dashboards for advanced workflows and visualizations — covers ephemeral, online, offline and even end-of-life hosts to arm your responders with data so they can respond to threats immediately and act decisively.

Technical Features

Purpose-built Graph Database for Cybersecurity


Power of Security Cloud

  • Fully operational in minutes: Complete turnkey solution with no additional hardware or deployments
  • Power of the crowd: Use network effect to protect everyone against a new threat, regardless of where it is encountered
  • Zero maintenance overhead: See value from Day One, with no additional custom tuning, costly consulting, re-architecting or maintenance overhead
  • Scale and elasticity: Automatically scales and grows with demand and change

Report: Total Economic Impact™ of CrowdStrike


Power of data

  • Enriched telemetry: Capture trillions of security events across endpoints, workloads and identities and enrich with threat intelligence, context and correlation markers
  • Deep analytics: Reveal contextual relationships between data elements to identify and respond to new and unusual threats in real time by applying graph analytics and ML algorithms
  • Powerful search: The robust query and search engine provides current and historical forensic details to arm responders for threat investigations
  • Data availability: On-demand access to enriched data with powerful visualization dashboards helps investigators understand the full context of the attack on any affected host, regardless of location

Blog: 3 Best Practices for Building a High-Performance Graph Database


Maximum security efficiency

  • Actionable insights: The industry’s leading collection of powerful insights gathers more than a trillion events per day, spanning 2 trillion vertices and analyzing over 15 petabytes of data
  • Integrated threat intelligence: Telemetry is enriched with real-world threats and identifies new attacks associated with known threat actors
  • Accelerated response: Real-time visualization and automated concurrent analysis lead to faster investigation and response times
  • Proactive threat hunting: Threat hunters can run ad hoc queries for successful and timely detections of unknown threats

Whitepaper: Stop Breaches with Threat Graph


Single source of truth

  • Single data source: Gain rapid access to everything required to prevent, detect, investigate, and respond
  • Single intelligent agent: The lightweight agent provides a smart-filtering capability that streams relevant data for enrichment and correlation to the Threat Graph — with no performance impact
  • Robust set of APIs: Powerful APIs allow for security orchestration, automation, response and other advanced workflows
  • Rich integrations: APIs and bidirectional data flow enable tight integrations with third-party security and IT solutions to share insights from multiple data sources
  • Cloud-delivered resources: Threat Graph scales with demand and provides necessary storage, compute and rich analytics required, with up to a year of all detections encountered
  • Enriched data archive: Optional offline replica of enriched telemetry is available for archive, compliance requirements and additional analytics

Threat Graph Solution Brief

Technical Center

For technical information on the installation, policy configuration and more, please visit the CrowdStrike Tech Center.


Third-Party Validation

Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.

  • Named a Leader: Download the report to learn why CrowdStrike was named a “Leader” in the 2022 Gartner Magic Quadrant for Endpoint Protection Platforms.
  • Named a Leader: Read the report to see why CrowdStrike was named a “Leader” in the Forrester Wave for Endpoint Detection and Response Providers, Q2 2022.
  • Highest overall score: Learn why CrowdStrike scores highest overall out of 20 vendors for the Type A or “forward leaning” organization use case.

Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.