Harnessing and Extending the Power of CrowdStrike Falcon™ Endpoint Protection
CrowdStrike is committed to making the Falcon Platform both open and extensible — allowing customers and partners to easily integrate with CrowdStrike and extend their current solutions’ functionalities. Falcon Connect has been created to fully leverage the power of the CrowdStrike Falcon Platform by providing the APIs, resources and tools needed to develop, integrate and extend the use of the Falcon Platform itself and with other security platforms and tools.
Falcon Connect provides a rich set of resources to fully leverage the CrowdStrike Falcon Platform
A broad set of sophisticated and easy-to-use APIs enables applications to connect with the Falcon Platform and other external data sources:
Falcon Data Replicator API — provides complete event data which customers can ingest into their local data warehouse/data layer.
Falcon Respond API — provides functionality to manage detections and enact remediation efforts.
Falcon Management API — covers uploading, deleting, updating and viewing details on Indicators of Compromise (IOCs), bulk searches, and more.
Falcon Streaming API — provides large volumes of data in near real-time for detections, audits and raw events.
CrowdStrike Threat Graph™ API — enables customers to see the relationships between Indicators of Compromise (IOCs), devices, and processes.
Falcon Intelligence API — provides a feed of information spanning adversary actors, indicators and news.
Falcon Connect provides a rich environment to develop and deliver compelling and powerful applications that help security professionals and teams unleash the power of the Falcon Platform:
Falcon Orchestrator — provides enhanced workflow automation and remediation capabilities for CrowdStrike Falcon. This application improves the overall effectiveness and efficiency of security and IT teams in conducting their security practices and operations in the areas of account containment, file extraction, remediation, asset monitoring and forensics. CrowdStrike has made Falcon Orchestrator available as an open source application.
Falcon SIEM Connector — streamlines and automates the process of gathering CrowdStrike Falcon data into SIEMs. The application automatically connects to the CrowdStrike Falcon Platform and normalizes the data into formats, such as JSON, Syslog, CEF and LEEF, that are immediately usable with SIEMs.
CrowdStrike provides tools and resources to enable customers, partners and developers to benefit from our technology and experience:
Community Tools — a collection of resources ranging across vulnerability scanning, forensic collection, deobfuscation and process inspection.
GitHub repository — scripts, source code, libraries and tools covering a variety of security and CrowdStrike-related areas.