Update crowdstrike_telemetry.md
rombernier committed Oct 17, 2023
1 parent 3e94778 commit 381956e
Showing 2 changed files with 16 additions and 1 deletion.
Expand Up @@ -7,6 +7,13 @@ type: intake
CrowdStrike Falcon is an Endpoint Detection and Response solution.
This setup guide explains how to forward and collect the detections and activity logs of your CrowdStrike EDR to Sekoia.io.

CrowdStrike Falcon integration gathers EDR logs. Below is a concise list of activities that can be monitored using CrowdStrike Falcon logs:

- Alerts raised by the EDR, with limited informations like hash, command line, IP.
- Crowdstrike Falcon Audit logs
- Crowdstrike Falcon Incident logs


{!_shared_content/operations_center/detection/generated/suggested_rules_22f2afd2-c858-443d-8e06-7b335e439c29_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/22f2afd2-c858-443d-8e06-7b335e439c29.md!}
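Review bot: the first bullet of the new "activities that can be monitored" list has a grammar slip ("with limited informations like hash, command line, IP"), and the next two bullets spell the product "Crowdstrike" while the rest of the page uses "CrowdStrike". Suggest "- Alerts raised by the EDR, with limited information such as hash, command line and IP address", "- CrowdStrike Falcon Audit logs" and "- CrowdStrike Falcon Incident logs". The added text also leaves two consecutive blank lines before the generated suggested_rules include; one is enough.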
Expand All @@ -16,7 +23,7 @@ This setup guide explains how to forward and collect the detections and activity
This integration supports the following events from CrowdStrike Falcon:

- Detection Summaries (`DetectionSummaryEvent`)
- Incident Summaries ('IncidentSummaryEvent')
- Incident Summaries (`IncidentSummaryEvent`)
- Audit logs (`UserActivityAuditEvent` and `AuthActivityAuditEvent`)
- Identity protection events (`IdpDetectionSummaryEvent` and `IdentityProtectionEvent`)

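Review bot: replacing the single quotes around IncidentSummaryEvent with backticks is the right fix, since the other event names in this list are rendered as inline code; nothing further to change in this hunk.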
Expand Up @@ -9,6 +9,14 @@ CrowdStrike provides cloud workload and endpoint security, threat intelligence,
!!! warning
Important note - This format is currently in beta. We highly value your feedback to improve its performance.

CrowdStrike Falcon Telemetry gathers raw system logs, legitimate and suspicious activities. Below is a non-exhaustive list of activities that can be monitored using CrowdStrike Telemetry logs:

-Process creation and termination
-File path creation and deletion
-Events related to processes
-DNS requests
-HTTP connections

{!_shared_content/operations_center/detection/generated/suggested_rules_10999b99-9a8d-4b92-9fbd-01e3fac01cd5_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/10999b99-9a8d-4b92-9fbd-01e3fac01cd5.md!}
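Review bot: the five new bullets are written as "-Process creation and termination", "-File path creation and deletion", etc. with no space after the hyphen, so Markdown will not treat them as a list and will render them as a single run-on paragraph. Suggest adding the space ("- Process creation and termination") on each line, matching the list style used in the sibling crowdstrike file in this same commit. While here, "Events related to processes" is vague next to "Process creation and termination"; naming the kind of process events meant (or dropping the bullet) would make the list more useful.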

0 comments on commit 381956e