The CrowdStrike Recon CDF enables organizations to ingest threat intelligence from CrowdStrike Recon directly into ThreatQ, providing visibility into risks identified across the open, deep, and dark web. By monitoring forums, marketplaces, messaging platforms, and other online sources for leaked data, employee impersonations, and emerging threats, the integration maps relevant findings into ThreatQ to enhance situational awareness.

The integration provides the following feeds:

• CrowdStrike Recon - ingests notifications and alerts from CrowdStrike Recon and maps them to ThreatQ Event objects. 
  • CrowdStrike Get Notifications by ID (supplemental) -  performs a bulk request to retrieve notification details.

The integration ingests the following object types into ThreatQ:

• Adversaries
• Compromised Accounts (custom object)
  • Compromised Account Attributes
• Events
• Identities
  • Identity Attributes
• Indicators
  • Indicator Attributes
• Malware
• Vulnerabilities