CrowdStrike Threat Graph®

The industry’s leading cloud-scale AI brains behind CrowdStrike® Security Cloud predicts and prevents modern threats in real time

Advantages of Threat Graph

Comprehensive data sets

Continuous high-fidelity telemetry with forensic-level detail across endpoints and workloads distributed across the network edge and hybrid cloud infrastructure — including Windows, macOS, and Linux, together with cloud-native storage for always-on data availability.

Cloud-scale analytics

Contextual relationship derivation with ML algorithms and deep analytics across billions of disjoint and siloed data elements — allows for fast, on-demand search and query across real-time and historical data for speedy investigation and response.

Real-time attack visibility

Real-time visibility with instant access to enriched data and intuitive dashboards for advanced workflows and visualizations — covers ephemeral, online, offline and even end-of-life hosts to arm your responders with data so they can respond to threads immediately and act decisively

Technical features

Purpose-built graph database for cybersecurity

Power of Security Cloud
  • Fully operational in minutes: Complete turnkey solution with no additional hardware or deployments
  • Power of the crowd: Use network effect to protect everyone against a new threat, regardless of where it is encountered
  • Zero maintenance overhead: See value from Day One, with no additional custom tuning, costly consulting, re-architecting or maintenance overhead
  • Scale and elasticity: Automatically scales and grows with demand and change
Power of data
  • Enriched telemetry: Capture trillions of security events across endpoints, workloads and identities and enrich with threat intelligence, context and correlation markers
  • Deep analytics: Reveal contextual relationships between data elements to identify and respond to new and unusual threats in real time by applying graph analytics and ML algorithms
  • Powerful search: The robust query and search engine provides current and historical forensic details to arm responders for threat investigations
  • Data availability: On-demand access to enriched data with powerful visualization dashboards helps investigators understand the full context of the attack on any affected host, regardless of location
Maximum security efficiency
  • Actionable insights: The industry’s leading collection of powerful insights gathers more than a trillion events per day spanning across 2 trillion vertices and analyzing over 15 petabytes of data
  • Integrated threat intelligence: Telemetry is enriched with real-world threats and identifies new attacks associated with known threat actors
  • Accelerated response: Real-time visualization and automated concurrent analysis lead to faster investigation and response times
  • Proactive threat hunting: Threat hunters can run ad hoc queries for successful and timely detections of unknown threats
Single source of truth
  • Single data source: Gain rapid access to everything required to prevent, detect, investigate, and respond
  • Single intelligent agent: The lightweight agent provides smart-filtering capability streams relevant data for enrichment and correlation to the Threat Graph — with no performance impact
  • Robust set of APIs: Powerful APIs allow for security orchestration, automation, response and other advanced workflows
  • Rich integrations: APIs and bidirectional data flow enable tight integrations with third-party security and IT solutions to share insights from multiple data sources
  • Cloud-delivered resources: Threat Graph scales with demand and provides necessary storage, compute and rich analytics required, with up to a year of all detections encountered
  • Enriched data archive: Optional offline replica of enriched telemetry is available for archive, compliance requirements and additional analytics

Technical Center

For technical information on the installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Learn more