CrowdStrike Integration

Steps to Integrate

Step 1: Create a Webhook

  • Visit the Webhooks page in Binalyze AIR,

  • Click the "+ New Webhook" button in the upper right corner,

  • Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),

  • Select "Crowd Strike Webhook Parser" as the parser for this webhook,

  • Select an Acquisition Profile,

  • Provide the remaining settings (Evidence Repository, CPU Limit, Compression & Encryption), or leave them for AIR to fill in automatically from the matching policy,

  • Click the "Save" button,

  • Hover your mouse over the link below the webhook name and double-click to copy the webhook URL. Treat this URL as a credential: anyone who can POST to it can trigger acquisitions under this profile, so paste it only into the CrowdStrike plugin configuration and keep it out of tickets, chat and scripts.

Step 2: Configure Crowdstrike

  • Go to the CrowdStrike Store, find the Webhook Plugin, and open it.

  • Click Configure and fill in the fields:

    • Name: give an explanatory name,

    • Webhook URL: paste the AIR webhook URL you copied in Step 1,

    • Enable Notify On Configuration Failure and save the configuration.

  • Go to Fusion workflows,

  • Create a workflow or use an existing one,

  • Create a trigger, then add an action,

  • Choose action type: Notification,

  • Choose the webhook configuration you created earlier in this step,

  • Add Sensor Hostname to Data to Include. AIR uses this hostname to identify which endpoint to acquire from, so the action must include it.

Save and exit.
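Before wiring a production Fusion workflow to the webhook, it is worth confirming that AIR accepts a notification and resolves the hostname to an endpoint. The script below is an added example, not Binalyze or CrowdStrike code. It assumes the copied AIR webhook URL is supplied in the AIR_WEBHOOK_URL environment variable (so the secret never lands in the script), and it uses the JSON field name "hostname" as a placeholder for whatever field the CrowdStrike Webhook Plugin actually emits for "Sensor Hostname"; compare with a real notification from your workflow before relying on it.

```python
"""Smoke-test a Binalyze AIR webhook before handing its URL to Falcon Fusion.

Added example, not code from Binalyze or CrowdStrike. Assumptions:
- AIR_WEBHOOK_URL holds the URL copied from the AIR Webhooks page. The URL is
  what authorizes a call, so it is read from the environment, not hard-coded.
- The field name "hostname" is a placeholder for whatever field the CrowdStrike
  Webhook Plugin emits for "Sensor Hostname" (check a real notification).
"""
import json
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def check_webhook_url(url):
    """Return a list of problems with the copied webhook URL (empty means usable)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https: the URL (and any secret it carries) would travel in the clear")
    if not parts.netloc:
        problems.append("no host in URL: copy the full link from the AIR Webhooks page")
    return problems


def build_test_payload(hostname, event_name="AIR webhook smoke test"):
    """Constructed notification body mimicking a Fusion webhook action (assumed field names)."""
    hostname = hostname.strip()
    if not hostname:
        # Without a hostname AIR has nothing to match against its endpoint list.
        raise ValueError("Sensor Hostname is empty: AIR cannot match the event to an endpoint")
    return {
        "name": event_name,      # assumed: the workflow/trigger name the plugin would send
        "hostname": hostname,    # assumed: the "Sensor Hostname" field added under Data to Include
        "source": "smoke-test",  # constructed marker so the resulting AIR task is easy to spot
    }


def send_test_event(url, payload, timeout=10):
    """POST the payload and return (status, body); HTTP errors are returned, not raised."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <sensor-hostname>", file=sys.stderr)
        return 2
    url = os.environ.get("AIR_WEBHOOK_URL", "")
    problems = check_webhook_url(url)
    if problems:
        for problem in problems:
            print("refusing to send:", problem, file=sys.stderr)
        return 1
    status, body = send_test_event(url, build_test_payload(argv[1]))
    # Never echo the URL itself; the response body is enough to debug.
    print(f"HTTP {status}: {body[:200]}")
    # A 2xx means AIR accepted the notification. The real check is in the AIR
    # console: a task for the named endpoint should appear under the webhook's
    # acquisition profile. If it does not, the hostname does not match an
    # endpoint registered in AIR or the parser did not recognize the payload.
    return 0 if 200 <= status < 300 else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `AIR_WEBHOOK_URL='<url copied in Step 1>' python3 smoke_test.py <hostname of an AIR-managed endpoint>` and then look for the resulting task in AIR. Use a test endpoint, since a matching hostname will start a real acquisition with the profile selected in Step 1.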
