
Mar 18, 2025
2.1.0
ThreatQ versions: >= 6.3.0
CrowdStrike Next-Gen SIEM Connector
Overview
The CrowdStrike Next-Gen SIEM Connector for ThreatQ enables the automatic dissemination of IOCs from a ThreatQ data collection to a CrowdStrike Next-Gen SIEM Lookup File.
The integration converts IOC results from the Threat Library into CSV files, creating a separate file for each type, and uploads them to CrowdStrike Next-Gen SIEM. The files can then be used to add contextual information to log data using the match search function. The added contextual information, such as score, related malware, related adversaries, and tags, can be used to create alert policies.
The integration utilizes the following endpoint:
- {CROWDSTRIKE_HOST}/humio/api/v1/repositories/{REPOSITORY}/files
This connector does not ingest any data back into ThreatQ.
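The per-type CSV conversion described in the Overview can be sketched as follows. This is an added example, not the connector's own code: the column names, the `threatq_*.csv` file naming, the `|` separator for multi-valued context, and the sample IOCs are all assumptions made for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample IOCs; the field names are assumptions, not the connector's schema.
SAMPLE_IOCS = [
    {"value": "198.51.100.7", "type": "IP Address", "score": 9,
     "malware": ["ExampleLoader"], "adversaries": ["Example Group"], "tags": ["c2"]},
    {"value": "bad.example.com", "type": "FQDN", "score": 7,
     "malware": [], "adversaries": [], "tags": ["phishing", "q1"]},
    # Same indicator seen again with different context: merged, not duplicated.
    {"value": "198.51.100.7", "type": "IP Address", "score": 4,
     "malware": ["OtherFamily"], "adversaries": [], "tags": []},
]

COLUMNS = ["value", "score", "malware", "adversaries", "tags"]
MULTI = ("malware", "adversaries", "tags")  # multi-valued context columns


def lookup_filename(ioc_type):
    """Hypothetical naming scheme: one lookup file per IOC type."""
    slug = re.sub(r"[^a-z0-9]+", "_", ioc_type.lower()).strip("_")
    return f"threatq_{slug}.csv"


def build_lookup_files(iocs):
    """Group IOCs by type and return {filename: csv_text}.

    Rows with the same value are merged (highest score, union of context)
    so each lookup key appears exactly once in its file.
    """
    merged = defaultdict(dict)  # type -> value -> row
    for ioc in iocs:
        row = merged[ioc["type"]].setdefault(
            ioc["value"],
            {"value": ioc["value"], "score": 0, **{k: set() for k in MULTI}},
        )
        row["score"] = max(row["score"], ioc["score"])
        for key in MULTI:
            row[key].update(ioc.get(key, []))

    files = {}
    for ioc_type, rows in merged.items():
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
        writer.writeheader()
        for value in sorted(rows):  # stable order keeps uploads diffable
            row = rows[value]
            writer.writerow({**row, **{k: "|".join(sorted(row[k])) for k in MULTI}})
        files[lookup_filename(ioc_type)] = buf.getvalue()
    return files


if __name__ == "__main__":
    for name, text in build_lookup_files(SAMPLE_IOCS).items():
        print(f"--- {name}\n{text}")
```

Once a file like this is uploaded, a search can enrich events with, for example, `match(file="threatq_ip_address.csv", field=src_ip, column=value)`, where `src_ip` is an assumed event field name.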