  • Last Updated: Dec 12, 2023
  • Version: 1.2.1
  • Compatibility: ThreatQ versions >= 4.35.0

    CrowdStrike Falcon Insight EDR Operation

    ThreatQuotient

    Overview

    The CrowdStrike Falcon Insight EDR Operation for ThreatQ enables analysts to find detections and create new detection policies.

    The operation provides the following actions:

    • Create Policy - Creates a detection policy for a given indicator.
    • Create Hash Policy - Creates a detection policy for a given hash.
    • Find Detections - Finds detections associated with the selected indicator.

    The operation is compatible with the following indicator types:

    • FQDN
    • IP Address
    • IPv6 Address
    • MD5
    • SHA-256

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.