How to Ingest IOCs and Integrate with SIEM Solutions
CrowdStrike Falcon supports importing Indicators of Compromise (IOCs), either manually in the user interface or programmatically via the Falcon IOC Import API. When an IOC is imported through the API, a search runs as part of the import: it scans your Threat Graph for any past hits on that IOC and also starts monitoring your endpoints for future occurrences of it. You can also search for IOCs manually in the Investigate and Events apps. This demo also walks through how the resulting events can be pushed to a SIEM; Soltra and HP ArcSight are used for illustration.