CrowdStrike XDR Connector Bundle
Description
Extend protection beyond your endpoints with CrowdStrike Falcon® XDR integrated with ExtraHop NDR. Falcon® XDR provides consolidated threat visibility, hassle-free detection and investigation, and end-to-end orchestration and response. With this integration, XDR receives in real time the detections and records that ExtraHop generates from your wire data.
The following figure shows an example of ExtraHop record data in XDR, where you can use the data to create dashboards, run powerful queries in the LogScale Query Language, and build custom XDR detections.
Figure 1. ExtraHop record data in XDR
Requirements
You must have:
- Reveal(x) Enterprise or 360, running firmware 8.8 or later
- An ExtraHop user account that has Unlimited privileges
- CrowdStrike Falcon XDR
- The ability to set up an ExtraHop Reveal(x) Data Connector in Falcon
Contents
- 5x Triggers
  - CrowdStrike XDR: Detection Connector
  - CrowdStrike XDR: Record Connector - DNS_RESPONSE
  - CrowdStrike XDR: Record Connector - HTTP_RESPONSE
  - CrowdStrike XDR: Record Connector - RDP_OPEN
  - CrowdStrike XDR: Record Connector - SSL_OPEN