The CrowdStrike Falcon Intelligence Action Bundle submits data collections of adversaries and indicators to CrowdStrike Falcon Intelligence for enrichment. The CrowdStrike API queries the submitted objects for enrichment and returns related threat intelligence to be ingested into the ThreatQ library.

The integration provides the following actions:

• CrowdStrike - Enrich IOCS - submits indicators to CrowdStrike to be enriched with related threat intelligence.
• CrowdStrike Falcon Intelligence - Enrich Adversaries - enriches adversaries with Mitre objects. 

The actions are compatible with the following system object types:

• Adversaries
• Indicators
• Malware
• FQDN
• IP Address
• CIDR Block
• Mutex
• SHA-1
• SHA-256
• MD5
• Email Address

The actions return the following object types:

• Adversaries
• Attack Patterns (Enrich Adversaries action only)
• Indicators (Enrich IOCs action only)
• Malware (Enrich IOCs action only)

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.