Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A responder for the Crowdstrike Falcon custom IOC api #421

merged 7 commits into from Mar 23, 2019


None yet
4 participants
Copy link

ag-michael commented Feb 10, 2019

I've made a responder that will submit observables to the Crowdstrike Falcon custom IOC api.
Blog post about this feature:

Crowdstrike Falcon customers can use this responders to submit case observables to their IOC list maintianed by Crowdstrike. When the observables are seen by Falcon in their environment, a detection will be generated.


This comment has been minimized.

Copy link

xg5-simon commented Feb 12, 2019

Consider using the operations function to add a tag to the observable to provide a clear indicator to analysts that the observable has been uploaded to CrowdStrike Falcon without having to click into the observable details view.

For example

def operations(self, raw): return [self.build_operation('AddTagToArtifact', tag='CrowdStrike:IOC Uploaded')]


This comment has been minimized.

Copy link

saadkadhi commented Feb 12, 2019

The change suggested by @xg5-simon would be helpful @ag-michael. May you consider it? Thanks.


This comment has been minimized.

Copy link
Contributor Author

ag-michael commented Feb 12, 2019

@xg5-simon I've added the change you requested. Thanks for the suggestion, I read that part in the responder guide but forgot to implement it.

@jeromeleonard jeromeleonard self-requested a review Mar 23, 2019

@jeromeleonard jeromeleonard self-assigned this Mar 23, 2019

@jeromeleonard jeromeleonard changed the base branch from master to develop Mar 23, 2019

@jeromeleonard jeromeleonard merged commit b869686 into TheHive-Project:develop Mar 23, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.