We’re proud to announce that Smart SOAR is listed in the CrowdStrike marketplace, a cybersecurity ecosystem of CrowdStrike-compatible, best-of-breed solutions. We have had a strong Smart SOAR integration with CrowdStrike for several years, so it is gratifying to have our Falcon XDR integration vetted and approved by CrowdStrike.
Unlike SOAR vendors that leverage basic APIs and expect their users to code and troubleshoot integrations, our Smart SOAR integrations are built by a dedicated team that conducts in-depth research into integrated tools to find out what makes them tick. The result is feature-rich integrations and tool-specific playbooks that give security teams the data and functionality they need, instead of generic workflows that treat every tool the same.
In a previous blog post, you can see an in-depth example of how Smart SOAR and CrowdStrike Falcon work together to respond to malware incidents.
In this blog, we will give you an overview of our integration with CrowdStrike Falcon XDR and explain the capabilities and benefits of the joint solution.
What is the CrowdStrike Marketplace?
Launched in September of 2023, the CrowdStrike Marketplace is intended to be a one-stop shop for CrowdStrike customers to discover, learn about, and purchase third-party solutions that integrate with the CrowdStrike Falcon platform. For products that are purchasable through the marketplace, buyers can leverage a credits program to reduce costs, as well as make purchases from their CrowdStrike account.
Smart SOAR’s CrowdStrike Integration Commands
D3’s integration with CrowdStrike Falcon comprises dozens of commands that can be orchestrated from Smart SOAR, including:
- Fetch Event
- Execute Batch Command
- Get IOCs
- Isolate Hosts
- Schedule Scan
These commands enable orchestration of many important cybersecurity scenarios across malware incident response, threat hunting, vulnerability management, and threat analysis.
Smart SOAR and CrowdStrike Falcon Use Cases
In our CrowdStrike joint solution guide, you can find three sample workflows for the integration, which we will summarize briefly here.
- Proactive threat hunting and mitigation. This use case enables a thorough approach to threat hunting, identifying vulnerabilities, isolating compromised hosts, and updating the incident response strategy based on the latest threat data.
- Real-time incident response and analysis. This workflow allows for a rapid response to incidents, providing real-time data analysis and containment, ensuring minimal impact and quick resolution.
- Vulnerability management and compliance. This use case emphasizes ongoing vulnerability management, ensuring that the network remains compliant and secure against identified vulnerabilities, reducing the risk of exploitation.
Integration Benefits
CrowdStrike Falcon is one of the world’s most popular cybersecurity products for a reason. It’s a powerful platform with a huge range of capabilities. Smart SOAR taps into those capabilities, while bringing its own deep set of features. The result is a SecOps hub for a wide range of SOC activity, which brings benefits for enterprises and managed service providers, including:
- Connecting the Falcon platform to hundreds of other security tools, including SIEM, TIP, NDR, and email protection systems.
- Running endpoint events through Smart SOAR’s Event Pipeline, which automates triage, deduplication, normalization, enrichment, and more, to filter out false positives and produce high-fidelity incident reports.
- Orchestrating environment-wide responses, such as disrupting phishing campaigns that have led to malware incidents on endpoints.
- Automating the scheduling and execution of proactive measures like threat hunting and vulnerability scans, ensuring they don’t get overlooked.
For more about our integration with CrowdStrike Falcon, download our joint solution guide here.