
Aug 29, 2023
1.0.0
ThreatQ versions >= 5.10.0
CrowdStrike Spotlight CDF
Overview
CrowdStrike is a cybersecurity technology firm pioneering cloud-delivered next-generation endpoint protection and services. The CrowdStrike Spotlight feed ingests detailed information about the vulnerabilities in your environment. Falcon tracks vulnerabilities using industry-standard frameworks such as Common Vulnerabilities and Exposures (CVE) and uses the Falcon sensor to provide information about specific vulnerabilities on your hosts.
The integration provides the following feeds:
- CrowdStrike Spotlight - queries CrowdStrike to get a list of vulnerability IDs.
- CrowdStrike Spotlight Fetch All Data (supplemental) - queries CrowdStrike to get all vulnerability IDs.
- CrowdStrike Spotlight Vulnerabilities (supplemental) - retrieves detailed information about a vulnerability.
- CrowdStrike Spotlight Remediations (supplemental) - retrieves detailed remediation information for a vulnerability.
- CrowdStrike Spotlight Evaluation Logic (supplemental) - retrieves the evaluation logic used to assess the vulnerability.
The integration ingests the following system objects:
- Assets
- Events
- Indicators
- Vulnerabilities