Crowdstrike Falcon Reports

Updated 1 week ago by Elvis Hovor

This document explains how to set up and use Crowdstrike Falcon Reports with TruSTAR Station. 

  • Time to Install: 10 minutes
  • Type of Feed: Automatic updates
  • Update Frequency: 15 minutes
  • Intel Type: Premium Feed

Data Types

The integration pulls all observables supported by TruSTAR.

Requirements

  • Licensed user of Crowdstrike
  • Access to Crowdstrike Falcon Intelligence Reports.
  • Crowdstrike API ID and API key for the reports API.
TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Closed Sources.
  4. Click Subscribe on the Crowdstrike Falcon Reports box.
  5. Enter your API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

Report Mapping 

Field 

Explanation

Report Title

The ID name field of the response. Example: 9951 CSIT-17023 Stampado 2.0 Released  

External ID

The ID field of response. Example: 9951

Report Body

Entire JSON body resources list of the response.

Time Begun

The created_date field of the response. Example: 1487684292

Report DeepLink

The URL of the report. Example: https://falcon.crowdstrike.com/intelligence/reports/csit-17023-stampado-2-0-released/)

Tags

Slugs of the response. Example: US

Known Issues

None reported.

Contact support@trustar.co if you have issues with this integration.

How Did We Do?