The AlienApp for Crowdstrike Falcon enhances the threat detection capabilities of USM Anywhere by enabling you to monitor and respond to Crowdstrike Falcon events from the USM dashboard.
The AlienApp for Crowdstrike Falcon collects and analyzes log data from Crowdstrike endpoint protection agents and provides orchestration actions to streamline incident response activities, such as isolating a Crowdstrike endpoint in response to threats identified by USM Anywhere.
The AlienApp includes the following capabilities:
- Collect log messages from Crowdstrike via API.
- Use Crowdstrike detection rules to trigger alarms.
- Use the Crowdstrike “containment” response action to remove endpoints from the production network while threats are being remediated.
- Use the “Lift Containment” action to return infected devices to the network after they have been cleaned.
- Trigger actions manually or using automated rules.