Important
To view this tutorial and import the app, you need access to the Falcon console.
This code is the result of doing the Falcon Foundry Create an App that Enriches Falcon Incidents tutorial.
- Falcon Insight XDR or Falcon Prevent (one app)
- Falcon Next-Gen SIEM or Falcon Foundry (1+ apps depending on entitlement)
- Download this repository as a zip file.
- Log in to the Falcon console and go to Foundry > App manager.
- Click Import app and select the zip file you downloaded.
- Click Import.
Tip
If you get an error that the name already exists, change the name to something unique to your CID when importing the app.
This example uses the following CrowdStrike products:
Please post any questions as issues in this repo, ask for help in our CrowdStrike subreddit, or post your question to our Foundry Developer Community.
The foundry-tutorial-enrich-incidents repo is the resulting code from doing the Foundry Create an App that Enriches Falcon Incidents tutorial. While not a formal CrowdStrike product, foundry-tutorial-enrich-incidents is maintained by CrowdStrike and supported in partnership with the open source developer community.
MIT, see LICENSE.