CrowdStrike Launches Falcon Connect With Expanded APIs

CrowdStrike Inc., a cloud-delivered next-generation endpoint protection, threat intelligence and response services company, today announced the addition of a broad set of sophisticated and easy-to-use APIs to the CrowdStrike Falcon Platform, along with new development and integration resources, as part of its Spring release of new solutions and services. The Spring release also includes the unveiling of CrowdStrike Falcon Orchestrator and next-generation antivirus with new ransomware protection capabilities. For the platform expansion, CrowdStrike is continuing its role as the first company to deliver cloud-driven endpoint protection and is releasing a set of updated and enriched APIs via CrowdStrike Falcon Connect. In addition, with the CrowdStrike Falcon SIEM Connector, customers and partners can maximize existing investments with their current network infrastructure by using existing SIEM tools.

As part of the expanded and updated suite of APIs, the CrowdStrike Threat Graph API allows security professionals to visualize the contents of the CrowdStrike Threat Graph in Paterva’s Maltego and other security data visualization tools. The Threat Graph API enables unprecedented investigation, response and proactive hunting capabilities for partners and customers. Customers can access the wisdom of the CrowdStrike cloud to stop an attack while it is happening, as opposed to only analyzing information afterwards during forensics.

News Highlights:

  • CrowdStrike provides an updated set of APIs allowing customers an expanded use of the Falcon platform, including:

    • CrowdStrike Threat Graph API (new) -- enables customers to dynamically explore the cloud-based Threat Graph database containing all execution events and context observed by Falcon endpoint sensors
    • CrowdStrike Falcon Respond API (new) -- provides functionality to manage detection resolution and take remediation actions
    • CrowdStrike Falcon Management API -- focuses on ingestion and management of IOCs within the Falcon platform for real-time detections and search
    • CrowdStrike Falcon Streaming API -- streams a real-time feed of detections and prevention actions taken by the Falcon platform across customers’ environments for consumption by SIEMs and Threat Intelligence Platforms
    • CrowdStrike Falcon Intel API -- makes CrowdStrike’s intelligence available as Indicator of Compromise (IOC) feeds that can be consumed by a wide range of security products in order to enhance their effectiveness
  • CrowdStrike Falcon Connect provides a comprehensive suite of interactive features, feeds, and open development resources, creating a fast, simple and reliable way to optimize the collection of relevant security events across a network’s endpoints. This enables the CrowdStrike ecosystem of partners and customers to multiply the effectiveness of security tools, realize direct cost savings, and build out cohesive threat prevention strategies. Each customer has full API access from within their respective portal, and CrowdStrike partners receive access once they join the Elevate Partner Program.
  • CrowdStrike Falcon SIEM Connector streamlines and automates the process of gathering CrowdStrike Falcon Host data into Security Information and Event Management (SIEM) systems, unlocking the value of our customers’ existing security solutions and investments. Leveraging the Elevate Partner Program, CrowdStrike works with a large ecosystem of third-party providers to make native integration with SIEM systems and security products fast and seamless. CrowdStrike’s SIEM Connector works with all SIEMs, including HP ArcSight, IBM QRadar, and Intel Security SIEM.
