X

Our website uses cookies to enhance your browsing experience.

CONTINUE TO SITE >

Falcon Connect

HARNESSING THE POWER OF THE CROWDSTRIKE FALCON PLATFORM

CrowdStrike® is committed to making the Falcon platform both open and extensible — allowing customers and partners to easily integrate with CrowdStrike and extend their current solutions’ functionalities.

Falcon Connect is CrowdStrike’s collection of the APIs, applications and tools needed to develop, integrate and extend the use of the CrowdStrike Falcon® platform, alone and with other security platforms and tools.

Connect

FALCON CONNECT PROVIDES A RICH SET OF RESOURCES TO FULLY LEVERAGE THE CROWDSTRIKE FALCON PLATFORM

Connect API

Falcon Streaming API — Obtain a near real-time stream of detections, alerts and audit events. Can be ingested into a SIEM for correlation and triage.

Falcon Data Replicator API — Complete event data which can be ingested into local data warehouses or logging applications.

Falcon Threat Graph API — See the relationships between indicators of compromise (IOCs), devices, and processes. Visualize relationships with tools such as Maltego.

Falcon Query API — Query the Falcon platform to search for indicators of attack (IOAs) and IOCs in these key areas:

Custom IOCs — Upload customized IOCs for the CrowdStrike cloud to detect.

Devices — Query the Falcon cloud to search for detailed device information.

Investigate — Hunt for indicators that have been seen in your environment and drill down to affected devices and processes.

Respond — Manage detection statuses per your requirements.

Falcon Intel API — Obtain access to indicators, adversaries, reports, and custom intelligence alerts.

Download the CrowdStrike
Falcon API Datasheet

Download

Get answers to
Frequently Asked Questions

Read FAQ

Falcon Connect

APPLICATIONS

The CrowdStrike Falcon platform provides a rich set of tools to develop and deliver compelling and powerful applications that help security professionals and teams unleash the power of the Falcon platform. Here are some examples of applications that leverage the Falcon platform:

Falcon Orchestrator — Provides enhanced workflow automation and remediation capabilities using the Falcon platform. This application improves the overall effectiveness and efficiency of security and IT teams in conducting their security practices and operations in the areas of account containment, file extraction, remediation, asset monitoring and forensics. Falcon Orchestrator is available as an open source application for SOC analysts.

Falcon SIEM Connector — Streamlines the process of connecting to the CrowdStrike Falcon Streaming API and importing the data into SIEMs and other log management tools. The application automatically connects to the CrowdStrike Falcon platform, managing and normalizing the data into formats that are immediately usable by SIEMs such as JSON, CEF, and LEEF.

Connect

TOOLS

CrowdStrike provides tools and resources to enable customers, partners and developers to benefit from our technology and experience:

Community Tools — A collection of resources encompassing vulnerability scanning, forensic collection, deobfuscation, and process inspection

Github repository — A collection of scripts, source code, libraries and tools covering a variety of security and CrowdStrike-related areas

 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial