Integration Guide for CrowdStrike
This guide provides instructions for integrating AlphaSOC with your CrowdStrike environment. It outlines the complete workflow, from telemetry ingestion to receiving findings.
To fully integrate AlphaSOC with your CrowdStrike infrastructure, you will need to:
- Configure CrowdStrike FDR to collect telemetry.
- Grant AlphaSOC permission to read from the CrowdStrike-provided Amazon SQS queue or, if you already capture and store CrowdStrike FDR data yourself, grant AlphaSOC read access to that storage.
Data Origin
AlphaSOC collects and analyzes telemetry from CrowdStrike FDR (Falcon Data Replicator) to detect threats and anomalies. You can find instructions on how to enable CrowdStrike FDR logging here.
Data Transport
To enable AlphaSOC to access your telemetry via CrowdStrike's Amazon SQS queue, you will need to provide us with the following information:
- Client ID: The Amazon Access Key ID for the SQS queue.
- Secret Access Key: The Amazon Secret Access Key for the SQS queue.
- SQS Queue URL: The URL of the SQS queue that CrowdStrike uses to send FDR data packages.
For detailed instructions, please refer to the Data Origin: CrowdStrike FDR documentation.
Organizations already collecting CrowdStrike FDR data in Amazon S3 buckets can refer to the Data Origin: CrowdStrike FDR documentation to grant AlphaSOC permissions to view their stored telemetry. If you use another storage solution for your CrowdStrike FDR data, please see the Collecting Data section of the AlphaSOC documentation for integration instructions, or contact us for assistance.
Escalating Findings Transport
AlphaSOC provides multiple transport methods to deliver findings. You can find the full list of supported transports here. If your preferred transport method or format isn't listed, contact AlphaSOC and we will help you develop a custom solution tailored to your needs.
Additional Guidance
Need help integrating AlphaSOC into your CrowdStrike environment? Contact us.