Version 2.3.1
Supported releases: Zurich, Yokohama, Xanadu
The CrowdStrike Next-Gen SIEM Ingestion integration automatically retrieves detections from CrowdStrike Next-Gen SIEM, converts them into Security Incident Response (SIR) security incidents, and enables automated response actions on them.
This integration offers the following key features:
Automated Detection & Incident Creation
- Identify CrowdStrike Next-Gen SIEM detections that qualify as security incidents and automatically create the corresponding security incidents in SIR.
Field Mapping for Seamless Data Flow
- Map CrowdStrike Next-Gen SIEM alert and entity fields to SIR security incident fields for consistent and structured incident handling.
Advanced Filtering Capabilities
- Filter incoming CrowdStrike Next-Gen SIEM detections against defined criteria so that only relevant detections are ingested as security incidents.
Smart Incident Aggregation
- Group similar CrowdStrike detections under existing open security incidents to avoid duplication and reduce operational overhead.
Scheduled Alert Ingestion
- Ingest CrowdStrike detections into SIR at scheduled intervals to ensure regular and timely updates.
Comment Synchronization
- Synchronize comments between CrowdStrike detections and SIR work notes so that analysts in either tool see the full incident conversation.
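The filter, map and aggregate features above can be read as one pipeline: drop detections that fail the configured criteria, map the survivors onto SIR fields, then attach each to an existing open incident with the same correlation key or create a new one. The following is an added illustrative model of that pipeline, not the integration's own code or a ServiceNow API: the detection field names, the SIR field names, the severity-to-priority mapping, the hostname-plus-tactic correlation key and the sample records are all constructed assumptions. It also shows one property a practitioner should verify in any such ingestion: re-running it over the same detections creates nothing new and attaches nothing twice.

```javascript
// Illustrative model of filter -> map -> aggregate ingestion (added example; all
// field names, the correlation key and the sample data are assumptions).

// Constructed sample detections, loosely shaped like SIEM alert records.
const SAMPLE_DETECTIONS = [
  { id: 'det-1001', severity: 'high',     tactic: 'Credential Access', hostname: 'WS-042', status: 'new',    description: 'Suspicious LSASS handle access' },
  { id: 'det-1002', severity: 'low',      tactic: 'Discovery',         hostname: 'WS-042', status: 'new',    description: 'Internal port scan' },
  { id: 'det-1003', severity: 'high',     tactic: 'Credential Access', hostname: 'WS-042', status: 'new',    description: 'Second LSASS handle access' },
  { id: 'det-1004', severity: 'medium',   tactic: 'Execution',         hostname: 'SRV-07', status: 'closed', description: 'Encoded PowerShell command' },
  { id: 'det-1005', severity: 'critical', tactic: 'Exfiltration',      hostname: 'SRV-07', status: 'new',    description: 'Large outbound transfer' },
];

// Constructed existing SIR incidents. correlation_key uses the same rule as correlationKey() below.
const EXISTING_INCIDENTS = [
  { number: 'SIR0010001', state: 'open',   correlation_key: 'ws-042|credential access', alert_ids: ['det-0999'] },
  { number: 'SIR0010002', state: 'closed', correlation_key: 'srv-07|exfiltration',      alert_ids: ['det-0500'] },
];

const SEVERITY_RANK   = { low: 1, medium: 2, high: 3, critical: 4 };
const SEVERITY_TO_SIR = { critical: 1, high: 2, medium: 3, low: 4 }; // assumed SIR priority values

// Filtering: keep only detections at or above the minimum severity and in an allowed status.
function filterDetections(detections, criteria) {
  const minRank = SEVERITY_RANK[criteria.minSeverity] || 0;
  return detections.filter(d =>
    (SEVERITY_RANK[d.severity] || 0) >= minRank && criteria.statuses.includes(d.status));
}

// Correlation key used for grouping: same host and same tactic count as "similar".
function correlationKey(d) {
  return `${d.hostname}|${d.tactic}`.toLowerCase();
}

// Field mapping: detection fields -> SIR security incident fields (assumed target names).
function mapToIncident(d) {
  return {
    state: 'open',
    short_description: `[CrowdStrike] ${d.tactic} on ${d.hostname}`,
    description: d.description,
    priority: SEVERITY_TO_SIR[d.severity],
    affected_host: d.hostname,
    correlation_key: correlationKey(d),
    alert_ids: [d.id],
  };
}

// Aggregation: attach to an existing *open* incident with the same key, otherwise create one.
// Closed incidents are never reopened; a matching detection gets a fresh incident instead.
// The input incident list is not mutated; the returned list is the new state.
function ingest(detections, existing, criteria) {
  const incidents = existing.map(i => ({ ...i, alert_ids: [...i.alert_ids] }));
  const created = [];
  let attached = 0;
  for (const d of filterDetections(detections, criteria)) {
    const key = correlationKey(d);
    const open = incidents.find(i => i.state === 'open' && i.correlation_key === key);
    if (open) {
      if (!open.alert_ids.includes(d.id)) { // idempotent: never attach the same detection twice
        open.alert_ids.push(d.id);
        attached++;
      }
    } else {
      const inc = mapToIncident(d);
      inc.number = `NEW-${created.length + 1}`; // placeholder; SIR assigns the real number
      incidents.push(inc);
      created.push(inc);
    }
  }
  return { incidents, created, attached };
}

// Usage: first pass attaches det-1001/det-1003 to SIR0010001 and creates one incident for det-1005;
// a second pass over the same detections changes nothing.
const CRITERIA = { minSeverity: 'medium', statuses: ['new'] };
const firstPass  = ingest(SAMPLE_DETECTIONS, EXISTING_INCIDENTS, CRITERIA);
const secondPass = ingest(SAMPLE_DETECTIONS, firstPass.incidents, CRITERIA);
console.log(JSON.stringify({ created: firstPass.created.length, attached: firstPass.attached,
                             rerunCreated: secondPass.created.length, rerunAttached: secondPass.attached }));
```

The closed-incident rule is the part worth checking against your own configuration: if the integration were allowed to attach new detections to a closed incident, a fresh exfiltration on SRV-07 would silently land on a ticket nobody is watching.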
New in this release:
Dictionary-level read-only fields have been upgraded to Strict Read-Only to prevent unauthorized changes.
This update ensures the server consistently enforces read-only behavior across all UIs, scripts, and integrations.
To install the integration, perform the following steps:
- Install the com.glide.hub.integration.runtime and com.glide.hub.action_step.rest plugins first. If you do not have the privileges to activate them, raise a support ticket to have them installed.
- After those plugins are installed, install the Security Incident Response Dependency plugin (com.snc.si_dep).
- Install the Security Incident Response plugin.