Question

Integrate Falcon CrowdStrike EDR with Google SecOps

  • January 27, 2026
  • 1 reply
  • 9 views

JFlorest

I need to integrate Falcon CrowdStrike EDR with Google SecOps to send alerts for detections and scheduled rules. Google's documentation mentions a direct API connector, but I'm unsure if this method will allow me to send all my alerts in near real-time. Are there other ways to integrate CrowdStrike Falcon with Google SecOps, such as using a pipeline like Bindplane? What prerequisites do I need?

1 reply

cmorris
Staff
  • January 27, 2026

The CrowdStrike SOAR integration would use the connectors to pull alerts from CrowdStrike directly into SOAR in near real time: https://docs.cloud.google.com/chronicle/docs/soar/marketplace-integrations/crowdstrike-falcon

Ingestion of CrowdStrike logs into the SIEM can also be configured: https://docs.cloud.google.com/chronicle/docs/ingestion/default-parsers/cs-edr. You could then write rules against these logs (or use the CrowdStrike Passthrough Curated Detections) to get alerts in SOAR.