CrowdStrike Falcon Streaming

Details
Content
Dependencies
Version History

Use the CrowdStrike Falcon Stream v2 integration to stream detections and audit security events.

Automations

Name	Description
CrowdStrikeStreamingPreProcessing	Pre processing script for CrowdStrike Streaming, will not duplicate incidents(detection events) that have same Host. Will add entry to duplicate(older) incident notifying a duplicate incident was ignored. This automation runs using the default Limited User role, unless you explicitly change the permissions. For more information, see the section about permissions here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations

Name

Description

Pre processing script for CrowdStrike Streaming, will not duplicate incidents(detection events) that have same Host.
Will add entry to duplicate(older) incident notifying a duplicate incident was ignored.

This automation runs using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations

Classifiers

Name	Description
CrowdStrike Falcon Streaming - Classifier	Classifies CrowdStrike Falcon events.
CrowdStrike Falcon Streaming - Incoming Mapper	Maps incoming CrowdStrike Falcon event fields.

Integrations

Name	Description
CrowdStrike Falcon Streaming v2	Use the CrowdStrike Falcon Stream v2 integration to stream detections and audit security events.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

1.1.12 - 1619437 (November 10, 2024)

Integrations

CrowdStrike Falcon Streaming v2

Updated the Docker image to: demisto/py3-tools:1.0.0.114656.

Related pull requests:
- 37059
- 37052
- 37051

Download

1.1.11 - R1320807 (August 28, 2024)

Mappers

CrowdStrike Falcon Streaming - Incoming Mapper

Added support for field name changes in the specified fields ('DetectDescription' and 'DetectName') of the Crowdstrike Event Streams API.

Related pull requests:
- 35921

Download

1.1.10 - R828628 (February 14, 2024)

Integrations

CrowdStrike Falcon Streaming v2

Updated event processing to process bigger events from the API.
Updated the Docker image to: demisto/py3-tools:1.0.0.86553.

Related pull requests:
- 31790

Download

1.1.9 - 722180 (December 28, 2023)

Scripts

CrowdStrikeStreamingPreProcessing

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31812

Download

1.1.8 - 6641023 (October 18, 2023)

Integrations

CrowdStrike Falcon Streaming v2

Fixed an issue where the integration default classifier and mapper weren't presented in XSOAR 8.x.
Updated the Docker image to: demisto/py3-tools:1.0.0.77497.

Related pull requests:
- 30214

Download

1.1.7 - R6303396 (September 12, 2023)

Scripts

CrowdStrikeStreamingPreProcessing

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28210

Download

1.1.6 - R5692327 (July 5, 2023)

Integrations

CrowdStrike Falcon Streaming v2

Added the Client Secret and the Client ID integration parameters to support credentials fetching object.
Updated the Docker image to: demisto/py3-tools:1.0.0.61931.

Related pull requests:
- 27127
- 27171
- 27184
- 27185
- 27146
- 27153
- 26699
- 27169
- 27120
- 27199
- 27031
- 27102
- 27203
- 26700
- 27206
- 27188
- 27170
- 27211
- 27200
- 27193
- 26496
- 27209
- 27064
- 27134
- 27215
- 27217
- 27219
- 27201
- 27220
- 27210
- 27218
- 27065
- 26473
- 27223
- 27128
- 27189
- 27187
- 27190
- 27205
- 27227
- 27232

Download

1.1.5 - R5450895 (June 5, 2023)

Scripts

CrowdStrikeStreamingPreProcessing

Documentation and metadata improvements.

Related pull requests:
- 23716

Download

1.1.4 - 4751368 (March 6, 2023)

Scripts

CrowdStrikeStreamingPreProcessing

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 25084
- 23716

Download

1.1.3 - R4718798 (March 1, 2023)

Scripts

CrowdStrikeStreamingPreProcessing

Updated the Docker image to: demisto/python3:3.10.7.33922.

Related pull requests:
- 21130

Download

1.1.2 - 3096681 (June 15, 2022)

Integrations

CrowdStrike Falcon Streaming v2

Updated the Docker image to: demisto/py3-tools:0.0.1.30715 as demisto/aiohttp image is deprecated.

Related pull requests:
- 19561

Download

1.1.1 - R2233034 (January 10, 2022)

Scripts

CrowdStrikeStreamingPreProcessing

Added reference to required permissions in automation's description and README.

Download

1.1.0 - 1882648 (November 2, 2021)

Scripts

CrowdStrikeStreamingPreProcessing

Breaking Change: DBotRole has been removed from this automation.
This change will affect any playbook that is dependent on, or runs, this automation.
This automation will now run using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-2/cortex-xsoar-admin/playbooks/automations.html

Download

1.0.18 - 7567740 (September 12, 2021)

Scripts

CrowdStrikeStreamingPreProcessing

Updated the Docker image to: demisto/python:2.7.18.24066.

Download

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	November 10, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.