CrowdStrike Falcon Streaming

Pre processing script for CrowdStrike Streaming, will not duplicate incidents(detection events) that have same Host.
Will add entry to duplicate(older) incident notifying a duplicate incident was ignored.

This automation runs using the default Limited User role, unless you explicitly change the permissions.
For more information, see the section about permissions here:

• For Cortex XSOAR 6 see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.x/Cortex-XSOAR-Playbook-Design-Guide/Automations
• For Cortex XSOAR 8 Cloud see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation/Create-a-script
• For Cortex XSOAR 8.7 On-prem see https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8.7/Cortex-XSOAR-On-prem-Documentation/Create-a-script

Classifies CrowdStrike Falcon events.

Maps incoming CrowdStrike Falcon event fields.

Use the CrowdStrike Falcon Stream v2 integration to stream detections and audit security events.