
CrowdStrike Falcon


The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API) enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.

Endpoint security is on the front line of defense against cybersecurity threats. It is one of the first places organizations look to secure their enterprise networks.
As the volume and sophistication of cybersecurity threats have increased, so has the need for more advanced endpoint security solutions.
CrowdStrike Falcon is one of the leaders in the Endpoint Protection Platform (EPP) market, and the CrowdStrike Falcon content pack provides a holistic solution for protecting enterprise endpoints and servers from malicious attacks that can seriously impact your organization.
This pack is designed to quickly detect, analyze, block, and contain malicious attacks in progress. It also gives administrators visibility into advanced threats to speed detection and remediation response times.

What Does This Pack Do?

  • Mirrors incidents between Cortex XSOAR incidents and CrowdStrike Falcon incidents or detections
  • Provides real-time response features
  • Assesses vulnerability
  • Contains endpoints (isolation/unisolation)
  • Removes duplicate incidents
  • Eliminates false positive incidents
  • Enriches incidents

Before You Start

Make sure you have the following content packs:

  • Base
  • Common Scripts
  • Common Types

Pack Configurations

To get up and running with this pack, you must get an API client ID and secret from CrowdStrike support:



Cortex XSOAR


Supported By: Cortex
Created: September 9, 2020
Last Release: July 14, 2024

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.