Skip to main content

Crowdstrike Falcon Intel Feed

Details
Content
Dependencies
Version History

Download With Dependencies

Tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more.

Use this pack to receive information and indicators on adversaries tracked by CrowdStrike, their target nations and industries, and research on their activities.

What does this pack do?

This pack contains 2 feed integrations.

The CrowdStrike Falcon Intel Feed Actors integration retrieves indicators of type STIX Threat Actor from the CrowdStrike Falcon Intel Feed.
The CrowdStrike Falcon Indicator Feed integration retrieves indicators of the following types from the CrowdStrike Falcon Intel Feed.
- Account
- Domain
- Email
- File MD5
- File SHA-256
- IP
- Registry Key
- URL

Creating the integration instance

To create the integration instance for either feed, you need a CrowdStrike API client and a CrowdStrike API client secret. To define a CrowdStrike API client, you must have the role of a Falcon Administrator. This will allow you to view, create, or modify API clients or keys. Secrets are only shown when a new API client is created or when it is reset.

Integrations

Name	Description
CrowdStrike Indicator Feed	Retrieves indicators from the CrowdStrike Falcon Intel Feed.
CrowdStrike Falcon Intel Feed Actors	The CrowdStrike intelligence team tracks the activities of threat actor groups and advanced persistent threats (APTs) to understand as much as possible about their known aliases, targets, methods, and more. This integration retrieves indicators from the CrowdStrike Falcon Intel Feed.

2.1.18 - 1304994 (August 25, 2024)

Integrations

CrowdStrike Indicator Feed

Removed When removed from the feed option from Indicator Expiration Method
Updated the Docker image to: demisto/python3:3.11.9.107902.

Related pull requests:
- 35873

Download

2.1.17 - 1269433 (August 13, 2024)

Integrations

CrowdStrike Falcon Intel Feed Actors

Removed the When removed from the feed option from the Indicator Expiration Method parameter.
Updated the Docker image to: demisto/python3:3.11.9.106403.

Related pull requests:
- 35353

Download

2.1.16 - R1265696 (August 12, 2024)

Integrations

CrowdStrike Indicator Feed

Fixed an issue with the threat actor names coming back with nospaces causing XSOAR to create incorrect relationships.

Related pull requests:
- 33607

Download

2.1.15 - 765039 (January 16, 2024)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32212

Download

2.1.14 - 733853 (January 2, 2024)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31878

Download

2.1.13 - 7066068 (December 4, 2023)

Integrations

CrowdStrike Falcon Intel Feed Actors

Fixed an issue where the fetch-indicators command didn't retrieve all the information in some cases.
Updated the Docker image to: demisto/python3:3.10.13.82076.

Related pull requests:
- 31272

Download

2.1.12 - 6389447 (September 21, 2023)

Integrations

CrowdStrike Indicator Feed

Breaking changes - updated the stixkillchainphases indicator field to be in accordance with XSOAR standards.

Related pull requests:
- 29785

Download

2.1.11 - R6303396 (September 12, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29445

Download

2.1.10 - 5925411 (August 1, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28643

Download

2.1.9 - R5866730 (July 25, 2023)

Integrations

CrowdStrike Falcon Intel Feed Actors

Added the CrowdStrike API client ID and CrowdStrike API client secret integration parameters to support credentials fetching object.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27756

Download

2.1.8 - 5636258 (June 28, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27779

Download

2.1.7 - R5450895 (June 5, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.11.61265.
Updated the First Fetch Time parameter to mandatory.
Fixed an issue where already fetched indicators were immediately marked as Removed from feed during a subsequent fetch.

Related pull requests:
- 27050

Download

2.1.6 - 5318720 (May 21, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.11.59581.
Documentation and metadata improvements.

Related pull requests:
- 26503

Download

2.1.5 - 5176833 (May 3, 2023)

Integrations

CrowdStrike Falcon Intel Feed Actors

Fixed an issue where the fetch-indicators fetched the same indicators.
Updated the Docker image to: demisto/python3:3.10.11.56082.

Related pull requests:
- 26243

Download

2.1.4 - R5170573 (May 2, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.11.54132.

CrowdStrike Falcon Intel Feed Actors

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25971

Download

2.1.3 - 4906551 (March 27, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25528

Download

2.1.2 - 4771215 (March 8, 2023)

Integrations

CrowdStrike Indicator Feed

Fixed an issue where parsing the indicator type did not differentiate between IP and IPv6.

Related pull requests:
- 25064

Download

2.1.1 - 4718798 (March 1, 2023)

Integrations

CrowdStrike Indicator Feed

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24934

Download

2.1.0 - R4646022 (February 19, 2023)

Integrations

CrowdStrike Indicator Feed

Improved implementation the fetch-indicators command.
Updated the Docker image to: demisto/python3:3.10.10.47713.

Related pull requests:
- 24547

Download

2.0.21 - 4527513 (February 3, 2023)

Integrations

CrowdStrike Indicator Feed

Fixed an issue where fetch-indicators failed when creating relationships with some indicator types, which are not supported.
Updated the Docker image to: demisto/python3:3.10.9.46807.

Related pull requests:
- 24296

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	September 15, 2020
Last Release	August 25, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

CrowdStrike Falcon Intel Feed Actors

CrowdStrike Indicator Feed

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.