  • Last Updated: Mar 19, 2024
  • Version: 1.1.0
  • Compatibility: ThreatQ Versions >= 5.6.0
  • CrowdStrike Insight EDR Action Bundle

    ThreatQuotient

    Overview

    The CrowdStrike Insight EDR Bundle provides an action that submits data collections containing IP Address, SHA-1, SHA-256 and MD5 IOCs to CrowdStrike Insight EDR. The integration queries the submitted objects for enrichment and returns related threat intelligence to be ingested into the ThreatQ library.

    The action can perform the following functions:

    • CrowdStrike Insight EDR Enrich IOC - submits indicators to CrowdStrike Insight EDR to be enriched with related threat intelligence.
    • CrowdStrike Insight EDR Update IOC - submits indicators to CrowdStrike Insight EDR to be updated with related threat intelligence.
    • CrowdStrike Insight EDR Export IOC - exports indicators to CrowdStrike Insight EDR.

    The action is compatible with the following indicator types:

    • FQDN
    • IP Address
    • SHA-1
    • SHA-256
    • MD5

    The action returns enriched indicator type system objects.

    Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.