This documentation explains Intezer's alert triage, response, and hunting solution for CrowdStrike. Go here if you are ready to set up Intezer's integration with CrowdStrike now.
You can get clear recommendations for response on every alert in CrowdStrike Falcon by having Intezer investigate and triage alerts for you. Here you can learn more about how Intezer automates alert triage, reduces false positives, classifies threats, extracts IOCs, and prioritizes response.
Get an overview of how Intezer's solution for CrowdStrike works in this 4-minute video:
How Intezer's integration with CrowdStrike works:
- CrowdStrike detects malicious activity on an endpoint and creates an alert.
- Intezer fetches the relevant artifacts (files, URLs, processes, memory image) from the endpoint through CrowdStrike for analysis and triage.
- Intezer provides analysis results and clear recommendations for every alert in CrowdStrike, so your team knows what to do next.
- From Intezer’s analysis result in CrowdStrike, you get the verdict, malware family information, additional context, and a link to Intezer’s full investigation so you can review it, get IOCs, or obtain related threat hunting queries.
- Additional indicators from Intezer can be added to the CrowdStrike blacklist or used in a custom detection rule, so that CrowdStrike alerts and performs an automated response the next time those indicators are seen.
- Scan a suspicious endpoint or proactively hunt for traces of advanced in-memory threats (such as fileless and packed malware, malicious code injections, or any unrecognized code) by using Intezer’s Live Endpoint Scanner as a script from inside CrowdStrike.
- Threat hunting queries can be extracted from Intezer and used with CrowdStrike to hunt for additional indicators across the environment.
Intezer and CrowdStrike Integration Benefits
- Triage for every alert, with time savings from a unified, automated workflow.
- Transparent analysis and additional context about scanned artifacts including attribution, malware families, indicators of compromise (IOCs), and TTPs mapped to MITRE ATT&CK®.
- Rapid verdicts of both malicious and benign artifacts classified using Intezer’s proprietary genetic analysis solution.
- Hunt for traces of advanced in-memory threats such as fileless and packed malware, malicious code injections, or any unrecognized code by running Intezer’s Live Endpoint Scanner as a script from inside CrowdStrike.
- Out-of-the-box detection content and threat hunting queries provide immediate time-to-value.
Additional resources about integrating Intezer with CrowdStrike
- Getting Started: Intezer EDR Connect (how automated alert triage works, set up with CrowdStrike, and examples)
- For advanced in-memory threats and fileless malware: Live Endpoint Scanner Script - EDR Set Up
- From your Intezer Dashboard: Understanding triage, response, and hunting
- Learn more about Intezer's Analysis Reports here