The CrowdStrike Falcon platform is one of the world’s leading endpoint protection platforms, delivered with complementary modules including Falcon Intelligence and Falcon Sandbox.
Smart SOAR Integration
A feature-rich integration with the CrowdStrike Falcon platform makes Smart SOAR the perfect command center for intaking events, detonating malicious files, and orchestrating actions across endpoints. D3’s automation-powered playbooks, integrated MITRE ATT&CK framework, and deep investigative capabilities bring effective and repeatable workflows to all endpoint events.
Orchestrate more than 25 actions in CrowdStrike Falcon from Smart SOAR
Automate enrichment of events with threat intelligence from Falcon Intelligence and other sources
Correlate events against the MITRE ATT&CK matrix to reveal adversarial intent
Detonate suspicious files in Falcon Sandbox
Key Use Case
Compromised Endpoint Remediation
When a compromised endpoint is detected, Smart SOAR enriches the alert with threat intelligence from Falcon Intelligence (formerly Falcon X) and other sources to derive a risk score. If the file is not conclusively known to be malicious, Smart SOAR retrieves it from the compromised endpoint via Falcon Endpoint Protection and detonates it in Falcon Sandbox for analysis. If the file is determined to be malicious, Smart SOAR then queries the other endpoints for any further instances of the same file hash. Having established the full extent of the compromise, the analyst can use Smart SOAR to orchestrate actions across every affected endpoint, such as removing the file, blocking the hash, killing the associated processes, or quarantining the endpoint.
Automated Behavioral Analysis and Remediation
Upon receiving an alert, Smart SOAR gathers additional context, including user account details and file access patterns, and cross-references it with external threat intelligence to assess the credibility of the threat. High-severity threats trigger immediate endpoint isolation, followed by a deeper investigation using CrowdStrike's analysis tools. Smart SOAR then automates remediation actions, such as terminating malicious processes, quarantining affected files, and resetting compromised credentials.
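The two use cases above describe one decision tree: score the alert, isolate immediately when severity is high, detonate only when intelligence is inconclusive, scope the compromise by hash, then act on every affected host. The following is an added example written for this page, not code from D3 or CrowdStrike: the `FalconGateway` protocol, the `FakeFalcon` stand-in, the `HIGH_SEVERITY` threshold, the `INTEL_WEIGHT` scoring rule, and all host IDs, hashes and file contents are constructed assumptions, not the real Falcon or Smart SOAR APIs.

```python
"""Playbook decision logic for the two CrowdStrike use cases above.

Hypothetical example: FalconGateway and FakeFalcon stand in for the real
Falcon / Smart SOAR connectors and are not their APIs.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional, Protocol

HIGH_SEVERITY = 70   # assumed isolation threshold (constructed for this example)
INTEL_WEIGHT = 15    # assumed: each corroborating external feed adds 15 to the score


@dataclass
class Detection:
    host_id: str
    sha256: str
    pid: int
    user: str
    severity: int        # 1..100 as an EDR would report it


class FalconGateway(Protocol):
    """Minimal surface the playbook needs; hypothetical, not CrowdStrike's API."""
    def intel_verdict(self, sha256: str) -> Optional[str]: ...   # None = inconclusive
    def get_file(self, host_id: str, sha256: str) -> bytes: ...
    def detonate(self, sample: bytes) -> str: ...
    def hosts_with_hash(self, sha256: str) -> list[str]: ...


@dataclass
class Plan:
    risk_score: int
    verdict: str
    affected_hosts: list[str] = field(default_factory=list)
    actions: list[tuple[str, str]] = field(default_factory=list)   # (action, target), in order


def run_playbook(det: Detection, edr: FalconGateway, intel_hits: int) -> Plan:
    """intel_hits: number of external feeds already flagging det.sha256."""
    score = min(100, det.severity + INTEL_WEIGHT * intel_hits)
    verdict = edr.intel_verdict(det.sha256)
    plan = Plan(risk_score=score, verdict=verdict or "unknown")

    # Behavioral use case: a high-severity alert isolates the host before deeper analysis.
    if score >= HIGH_SEVERITY:
        plan.actions.append(("contain_host", det.host_id))

    # Compromised-endpoint use case: only pull and detonate the sample when intel is inconclusive.
    if verdict is None:
        sample = edr.get_file(det.host_id, det.sha256)
        verdict = edr.detonate(sample)
        plan.verdict = verdict

    if verdict != "malicious":
        plan.actions.append(("notify_analyst", det.host_id))   # leave the human in the loop
        return plan

    # Scope the compromise: every host where the hash was seen, originating host first.
    others = [h for h in edr.hosts_with_hash(det.sha256) if h != det.host_id]
    plan.affected_hosts = [det.host_id] + sorted(others)

    plan.actions.append(("kill_process", f"{det.host_id}:{det.pid}"))
    plan.actions.append(("block_hash", det.sha256))
    for host in plan.affected_hosts:
        if ("contain_host", host) not in plan.actions:   # do not re-issue an early containment
            plan.actions.append(("contain_host", host))
        plan.actions.append(("remove_file", f"{host}:{det.sha256}"))
    plan.actions.append(("reset_credentials", det.user))
    return plan


@dataclass
class FakeFalcon:
    """Constructed stand-in returning canned answers so the example runs offline."""
    intel: dict[str, str]
    files: dict[tuple[str, str], bytes]
    sandbox: dict[bytes, str]
    inventory: dict[str, list[str]]

    def intel_verdict(self, sha256: str) -> Optional[str]:
        return self.intel.get(sha256)

    def get_file(self, host_id: str, sha256: str) -> bytes:
        return self.files[(host_id, sha256)]

    def detonate(self, sample: bytes) -> str:
        return self.sandbox.get(sample, "clean")

    def hosts_with_hash(self, sha256: str) -> list[str]:
        return self.inventory.get(sha256, [])


# Constructed sample data: hashes, hosts and file bytes are placeholders.
UNKNOWN_HASH, KNOWN_BAD, BENIGN_HASH = "a" * 64, "b" * 64, "c" * 64
FALCON = FakeFalcon(
    intel={KNOWN_BAD: "malicious"},
    files={("HOST-01", UNKNOWN_HASH): b"MZ-dropper",
           ("HOST-04", KNOWN_BAD): b"MZ-known",
           ("HOST-05", BENIGN_HASH): b"MZ-benign"},
    sandbox={b"MZ-dropper": "malicious"},
    inventory={UNKNOWN_HASH: ["HOST-03", "HOST-01", "HOST-02"], KNOWN_BAD: ["HOST-04"]},
)


def example_unknown_file() -> Plan:      # inconclusive intel, sandbox says malicious, 3 hosts
    return run_playbook(Detection("HOST-01", UNKNOWN_HASH, 4242, "jdoe", 40), FALCON, intel_hits=1)


def example_high_severity() -> Plan:     # known-bad hash, isolated before anything else
    return run_playbook(Detection("HOST-04", KNOWN_BAD, 777, "svc-backup", 80), FALCON, intel_hits=2)


def example_benign() -> Plan:            # inconclusive intel, sandbox says clean
    return run_playbook(Detection("HOST-05", BENIGN_HASH, 910, "asmith", 20), FALCON, intel_hits=0)


if __name__ == "__main__":
    for plan in (example_unknown_file(), example_high_severity(), example_benign()):
        print(plan.risk_score, plan.verdict, plan.affected_hosts, plan.actions)
```

Two design points worth keeping in a real playbook: containment issued at the high-severity gate is recorded once and not re-issued during remediation, and a non-malicious verdict routes to an analyst rather than silently closing, since a sandbox "clean" on an evasive sample is the failure mode this flow is most exposed to.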
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.