A responder for the Crowdstrike Falcon custom IOC api #421
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
saadkadhi
added
status:pr-submitted
status:needs-review
scope:responder
|
Consider using the operations function to add a tag to the observable to provide a clear indicator to analysts that the observable has been uploaded to CrowdStrike Falcon without having to click into the observable details view. For example
|
|
The change suggested by @xg5-simon would be helpful @ag-michael. May you consider it? Thanks. |
|
@xg5-simon I've added the change you requested. Thanks for the suggestion, I read that part in the responder guide but forgot to implement it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I've made a responder that will submit observables to the Crowdstrike Falcon custom IOC api.
Blog post about this feature: https://www.crowdstrike.com/blog/tech-center/import-iocs-crowdstrike-falcon-host-platform-via-api/
Crowdstrike Falcon customers can use this responders to submit case observables to their IOC list maintianed by Crowdstrike. When the observables are seen by Falcon in their environment, a detection will be generated.