Hey Everyone!

We are exploring better ways to work with CrowdStrike Automated Leads within Google SecOps SOAR, and I’m curious how other teams and organizations are approaching these new alerts - both from a grouping and process perspective.

Since Automated Leads were released earlier this month, I have heard a fair bit of mixed feedback. Some teams find value, while others feel overwhelmed by the volume or unclear on how to operationalize these alerts effectively (like me).

A few things I am curious about are:

  • How is your organization grouping Automated Leads?
  • How are you handling the volume?
    • Are Automated Leads being handled differently from your existing process? e.g., if it's an Automated Lead alert/detection, escalate it to another team to review and thoroughly evaluate, or close it based on predefined logic. (I have heard about a lot of false positives coming from Automated Leads.)
  • Have you developed any custom logic or playbooks to prioritize/deprioritize Automated Leads?
  • Has your organization found useful signals in Automated Leads, or mostly noise/false positives?

I would love to hear what others think about this - what's working, what's still in flux, and how you and your organization have been adapting your alerting on these Automated Leads.

Cheers!

Hi,

I am also interested in this topic. They are also coming through the Alerts API. Is Google going to have a separate connector for these? They are creating noise and confusion in our enterprise.
