[Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 1 (#4220)

* [Rule Tuning] 3rd Party EDR - Add Crowdstrike FDR support - 1

* Update Integrations unit tests

* Update test_all_rules.py

Removed changes from:
- rules/windows/collection_email_powershell_exchange_mailbox.toml
- rules/windows/command_and_control_headless_browser.toml
- rules/windows/command_and_control_rdp_tunnel_plink.toml
- rules/windows/command_and_control_screenconnect_childproc.toml
- rules/windows/command_and_control_tunnel_vscode.toml
- rules/windows/credential_access_domain_backup_dpapi_private_keys.toml
- rules/windows/credential_access_kirbi_file.toml
- rules/windows/credential_access_relay_ntlm_auth_via_http_spoolss.toml
- rules/windows/defense_evasion_disable_windows_firewall_rules_with_netsh.toml
- rules/windows/defense_evasion_dotnet_compiler_parent_process.toml

(selectively cherry picked from commit 81292ae)

detection_rules/schemas/definitions.py

@@ -79,7 +79,8 @@ def validator(value):
                         'sentinel_one_cloud_funnel',
                         'ti_rapid7_threat_command',
                         'm365_defender',
-                        'panw']
+                        'panw',
+                        'crowdstrike']
 NON_PUBLIC_FIELDS = {
     "related_integrations": (Version.parse('8.3.0'), None),
     "required_fields": (Version.parse('8.3.0'), None),

tests/test_all_rules.py

@@ -353,7 +353,8 @@ def test_required_tags(self):
             'logs-windows.powershell*': {'all': ['Data Source: PowerShell Logs']},
             'logs-sentinel_one_cloud_funnel.*': {'all': ['Data Source: SentinelOne']},
             'logs-fim.event-*': {'all': ['Data Source: File Integrity Monitoring']},
-            'logs-m365_defender.event-*': {'all': ['Data Source: Microsoft Defender for Endpoint']}
+            'logs-m365_defender.event-*': {'all': ['Data Source: Microsoft Defender for Endpoint']},
+            'logs-crowdstrike.fdr*': {'all': ['Data Source: Crowdstrike']}
         }
 
         for rule in self.all_rules: