Skip to main content

Crowdstrike Falcon Intel Feed

Tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more.

Use this pack to receive information and indicators on adversaries tracked by CrowdStrike, their target nations and industries, and research on their activities.

What does this pack do?

This pack contains 2 feed integrations.

  • The CrowdStrike Falcon Intel Feed Actors integration retrieves indicators of type STIX Threat Actor from the CrowdStrike Falcon Intel Feed.

  • The CrowdStrike Falcon Indicator Feed integration retrieves indicators of the following types from the CrowdStrike Falcon Intel Feed.

    • Account
    • Domain
    • Email
    • File MD5
    • File SHA-256
    • IP
    • Registry Key
    • URL

Creating the integration instance

To create the integration instance for either feed, you need a CrowdStrike API client and a CrowdStrike API client secret. To define a CrowdStrike API client, you must have the role of a Falcon Administrator. This will allow you to view, create, or modify API clients or keys. Secrets are only shown when a new API client is created or when it is reset.

PUBLISHER

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex XSOAR
CreatedSeptember 15, 2020
Last ReleaseSeptember 16, 2021
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.