• Last Updated
    Mar 19, 2024
  • Version
    1.1.1
  • Compatibility
    ThreatQ versions >= 4.50.0
  • CrowdStrike Insight EDR

    ThreatQuotient

    www.crowdstrike.com/

    Overview

    The CrowdStrike Insight EDR CDF for ThreatQ is a bi-directional integration that lets analysts export data collections to CrowdStrike and bring detection incidents back from CrowdStrike.

    The integration provides the following feeds:
    • CrowdStrike Insight EDR - IOC Export - exports indicators of compromise from a ThreatQ Data Collection to the Custom IOC list in CrowdStrike Insight EDR.
    • CrowdStrike Insight EDR - Detections - brings in aggregated detections, along with their behavioral events and related IOCs, into ThreatQ.
    • Get Detections by IDs (supplemental) - fetches the full details for a given set of detection IDs.
    • CrowdStrike Insight EDR - Hosts - brings aggregated detections into ThreatQ.
    • Get Host by IDs (supplemental) - fetches the full details for a given set of host IDs.
    The following object types are ingested from the feeds above:
    • Assets (custom object)
    • Attack Patterns
    • Events
    • Incidents
    • Indicators
      • Filename
      • File Path
      • Username
      • MD5
      • SHA-256
      • FQDN
      • Registry Key

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.