CrowdStrike + D3 Smart SOAR
Automated Endpoint Protection and Threat Analysis
A feature-rich integration with the CrowdStrike Falcon platform makes Smart SOAR the perfect command center for intaking events, detonating malicious files, and orchestrating actions across endpoints.
Expert-Built and Maintained Integrations
Smart SOAR’s automation-powered playbooks, integrated MITRE ATT&CK framework, and deep investigative capabilities bring effective and repeatable workflows to all endpoint alerts detected by CrowdStrike. D3’s expert knowledge of the CrowdStrike Falcon platform has produced deep integrations that are entirely managed and maintained by our team, so users can simply drop automated actions into their playbooks.
- Orchestrate more than 25 actions in CrowdStrike Falcon from Smart SOAR
- Automate enrichment of events with threat intelligence from Falcon Intelligence and other sources
- Detonate suspicious files in Falcon Sandbox
Use Case 1
Compromised Endpoint Remediation
When a compromised endpoint is detected, Smart SOAR enriches the alert with threat intelligence from Falcon Intelligence (formerly Falcon X) and other sources to produce a risk score. If the file is not conclusively known to be malicious, Smart SOAR queries the compromised endpoint via Falcon Endpoint Protection to retrieve the file, then detonates it in Falcon Sandbox for analysis. If the file is determined to be malicious, Smart SOAR queries the rest of the fleet to find every other endpoint holding the same file.
- Identify the full extent of the compromise
- Orchestrate actions across endpoints, such as removing files, blocking hashes, killing processes, or quarantining endpoints
- Unify endpoint investigations with enrichment and response across other tools
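The decision flow behind Use Case 1, written out as a small playbook in Python. This is an added example, not D3's or CrowdStrike's code: the threat-intel cache, sandbox verdicts, fleet inventory and score thresholds are all constructed for the example, and the connector functions stand in for the Falcon Intelligence, Falcon Sandbox and endpoint queries the page describes.

```python
"""Playbook logic for compromised-endpoint remediation (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Optional

# Thresholds are assumptions for this example, not D3 or CrowdStrike defaults.
MALICIOUS_SCORE = 80   # at or above: act without further analysis
BENIGN_SCORE = 20      # at or below: close the alert

# Constructed threat-intel cache: SHA-256 -> risk score (missing = no prior verdict).
THREAT_INTEL = {
    "a1" * 32: 95,   # known-bad
    "b2" * 32: 50,   # seen before, verdict inconclusive
}

# Constructed sandbox verdicts for samples that get detonated.
SANDBOX_VERDICTS = {
    "b2" * 32: 90,   # detonation confirms it is malicious
    "c3" * 32: 5,    # detonation shows it is benign
    "d4" * 32: 50,   # detonation is still inconclusive
}

# Constructed fleet inventory: host id -> hashes of files present on that host.
FLEET = {
    "host-01": {"a1" * 32, "c3" * 32},
    "host-02": {"a1" * 32},
    "host-03": {"b2" * 32},
    "host-04": {"c3" * 32, "d4" * 32},
}


@dataclass
class Alert:
    host_id: str
    file_hash: str
    pid: int          # process id reported on the alerting host


@dataclass
class PlaybookResult:
    verdict: str                      # "malicious", "benign" or "escalate"
    risk_score: int
    detonated: bool
    affected_hosts: list
    actions: list = field(default_factory=list)


def enrich(file_hash: str) -> Optional[int]:
    """Stand-in for the Falcon Intelligence lookup: score or None if unknown."""
    return THREAT_INTEL.get(file_hash)


def sample_retrievable(host_id: str, file_hash: str) -> bool:
    """Stand-in for pulling the file from the endpoint; False if it is gone."""
    return file_hash in FLEET.get(host_id, set())


def detonate(file_hash: str) -> int:
    """Stand-in for a Falcon Sandbox submission; unknown samples score 0 here."""
    return SANDBOX_VERDICTS.get(file_hash, 0)


def hosts_with_hash(file_hash: str) -> list:
    """Stand-in for the fleet-wide hash search."""
    return sorted(h for h, hashes in FLEET.items() if file_hash in hashes)


def run_playbook(alert: Alert) -> PlaybookResult:
    score = enrich(alert.file_hash)
    detonated = False

    # Not conclusively known: retrieve the sample from the alerting host and detonate it.
    if score is None or BENIGN_SCORE < score < MALICIOUS_SCORE:
        if not sample_retrievable(alert.host_id, alert.file_hash):
            return PlaybookResult("escalate", score or 0, False, [alert.host_id],
                                  [f"escalate_to_analyst: sample not retrievable from {alert.host_id}"])
        score = detonate(alert.file_hash)
        detonated = True

    if score >= MALICIOUS_SCORE:
        affected = hosts_with_hash(alert.file_hash)
        # Block the hash once, then remediate every host that holds the file.
        actions = [f"block_hash {alert.file_hash}",
                   f"kill_process {alert.host_id}:{alert.pid}"]
        for host in affected:
            actions += [f"remove_file {host}", f"contain_host {host}"]
        return PlaybookResult("malicious", score, detonated, affected, actions)

    if score <= BENIGN_SCORE:
        return PlaybookResult("benign", score, detonated, [], ["close_alert"])

    # Still inconclusive after detonation: a human decides.
    return PlaybookResult("escalate", score, detonated, [alert.host_id], ["escalate_to_analyst"])
```

The two early exits are the edge cases a real playbook needs: a sample that has already been deleted from the alerting host cannot be detonated, and a sandbox verdict that stays in the grey zone should go to an analyst rather than trigger fleet-wide containment.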
Use Case 2
Automated Behavioral Analysis and Remediation
Upon receiving an alert, Smart SOAR gathers additional context, including user account details and file access patterns, and cross-references this with external threat intelligence to assess threat credibility. High-severity threats trigger immediate endpoint isolation and a deeper investigation using CrowdStrike’s analysis tools. Smart SOAR then automates remediation actions, such as terminating malicious processes, quarantining affected files, and resetting compromised credentials.
- Correlate against identity information from integrated tools like Active Directory
- Go beyond IOCs to identify serious threats
- Retain important data in Smart SOAR for 60 days to find patterns over time
Why Smart SOAR?
Joint users of CrowdStrike Falcon and D3 Smart SOAR don’t just get automated endpoint security and threat hunting, they also get the many other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
CrowdStrike Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.