Multiple Analyzers & Responders for CrowdstrikeFalcon #1297

nusantara-self · 2024-11-26T03:00:58Z

Closes #1296

New Analyzers:
- CrowdstrikeFalcon Sandbox:
  - Submits file observables to the CrowdStrike Falcon Sandbox for analysis.
  - Retrieves results once the analysis is complete.
- CrowdstrikeFalcon getDeviceAlerts:
  - Retrieves alerts associated with a specific hostname over a defined time range.
- CrowdstrikeFalcon getDeviceDetails:
  - Fetches detailed information for a given hostname in CrowdStrike Falcon, including if the agent is in fully functional mode.
- CrowdstrikeFalcon getDeviceVulnerabilities:
  - Retrieves the list of vulnerabilities impacting a specific device.
New Responders:
- CrowdstrikeFalcon IOC:
  - Adds or removes Indicators of Compromise (IoCs) in the CrowdStrike Falcon platform.
  - Supports hashes, IPs, urls & domains.
- CrowdstrikeFalcon Hosts:
  - Contains hosts
  - lift containment
  - Suppress detection, hide host etc..
- CrowdstrikeFalcon Sync:
  - Synchronizes the status of alerts and incidents between TheHive (alert or case stages) and CrowdStrike
Matching analyzers reports

nusantara-self added 3 commits November 26, 2024 10:49

Add CrowdstrikeFalcon Analyzers

158e174

Add CrowdstrikeFalcon analyzers templates

53abb62

Add CrowdstrikeFalcon responders

fefd077

nusantara-self added category:new-analyzer New analyzer submitted category:new-responder labels Nov 26, 2024

nusantara-self added this to the 3.3.9 milestone Nov 26, 2024

nusantara-self self-assigned this Nov 26, 2024

nusantara-self merged commit a0f139f into develop Nov 26, 2024

nusantara-self deleted the csfalcon-integration-1 branch February 21, 2025 07:56

Provide feedback