Use this pack to receive information and indicators on adversaries tracked by CrowdStrike, their target nations and industries, and research on their activities.
What does this pack do?
This pack contains 2 feed integrations.
The CrowdStrike Falcon Intel Feed Actors integration retrieves indicators of type STIX Threat Actor from the CrowdStrike Falcon Intel Feed.
The CrowdStrike Falcon Indicator Feed integration retrieves indicators of the following types from the CrowdStrike Falcon Intel Feed.
- File MD5
- File SHA-256
- Registry Key
Creating the integration instance
To create the integration instance for either feed, you need a CrowdStrike API client and a CrowdStrike API client secret. To define a CrowdStrike API client, you must have the role of a Falcon Administrator. This will allow you to view, create, or modify API clients or keys. Secrets are only shown when a new API client is created or when it is reset.