CrowdStrike Falcon

CrowdStrike Falcon delivers next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, and threat intelligence.

Note

If you are using CrowdStrike Falcon Identity Protection (formerly Preempt), you need to use the CrowdStrike Falcon Identity Protection adapter.

Asset Types Fetched

This adapter fetches the following types of assets:

  • Devices, Users, Roles, Vulnerabilities, Application Settings, SaaS Applications, Domains & URLs, Containers, Alerts/Incidents, Accounts/Tenants

Use Cases the Adapter Solves

Connecting CrowdStrike to Axonius allows you to assess your endpoint security coverage and quickly identify endpoints that are missing agents. Device correlation in Axonius lets you gather information about your endpoints from other data sources that CrowdStrike cannot extract natively. This can greatly assist with the rollout and audit of your CrowdStrike deployment by adding business-unit context and identifying unmanaged devices across your organization.

Axonius collects common device information such as the hostname, IPs, MAC address, and serial number. It also collects information unique to CrowdStrike such as group and policy membership, vulnerabilities, and the agent version.

Related Enforcement Actions

With the CrowdStrike adapter configured, Axonius can update group membership, update tags, and isolate devices directly in the Enforcement Center.