CrowdStrike


The following instructions are for configuring a native ingest of telemetry and detections from CrowdStrike into Secureworks® Taegis™ XDR using Falcon Data Replicator (FDR).

Note

Customers who wish to integrate their CrowdStrike endpoints into Taegis™ XDR will need to purchase the standard Falcon Data Replicator (FDR) from CrowdStrike. Customers will need to contact their CrowdStrike account representative for the pricing details about FDR.

Data Provided from Integration

  Alerts Auth DNS File Collection HTTP NIDS Netflow Process File Modification API Call Registry Scriptblock Management Persistence Thread Injection
Crowdstrike      

Set Up FDR and Gather Information

  1. Use the CrowdStrike documentation to set up your FDR feed and create credentials for the feed.

Important

Make sure both Primary and Secondary events are added to the Standard FDR.

  2. Record the following items you'll need to set up the CrowdStrike integration in Taegis™ XDR:

Set Up CrowdStrike

  1. From the Secureworks® Taegis™ XDR left-hand side navigation, select Integrations → Cloud APIs → Add API Integration.
  2. Choose Set Up CrowdStrike.

  3. Provide a name for the integration, and then input the information gathered from the FDR console in the previous section.
  4. Select Add when complete to validate the integration. The Cloud API Integrations page displays with the successfully added CrowdStrike integration listed.

 
