From 883ba35602689586a860383b6c11d2b49a556fd9 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Wed, 10 Jun 2026 18:07:38 +0530 Subject: [PATCH 1/9] Readme file for Crowdstrike Solution --- .../Data Connectors/readme.md | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md new file mode 100644 index 00000000000..7a24ccf0419 --- /dev/null +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md 
@@ -0,0 +1,88 @@ +# CrowdStrike CCF Data Connectors + +## Table of Contents + +* Overview +* Available Data Connectors +* References + +## Overview + +Microsoft Sentinel provides multiple CrowdStrike data connectors. This document focuses on the CrowdStrike Common Connector Framework (CCF) data connectors and helps customers determine which connector best fits their data ingestion requirements. + +## Available Data Connectors + +The following CrowdStrike CCF data connectors are available: + +1. **CrowdStrike Falcon API** +2. **CrowdStrike Falcon Data Replicator (Amazon S3)** + +### 1. CrowdStrike Falcon API + +The CrowdStrike Falcon API connector collects data directly from CrowdStrike Falcon APIs. + +Use this connector when you need security-related data that is available through CrowdStrike native APIs, including: + +* Alerts +* Detections +* Incidents +* Security findings +* Other Falcon API-supported data + +To learn more about the APIs and data available through CrowdStrike Falcon APIs, refer to the CrowdStrike API Reference documentation: + +https://developer.crowdstrike.com/api-reference/overview/ + +When configuring this connector, create an API client in CrowdStrike Falcon and provide the following information in the Microsoft Sentinel data connector: + +* Client ID +* Client Secret +* API Endpoint + +This connector is recommended for organizations that primarily require security monitoring, alerting, and incident response data. + +### 2. CrowdStrike Falcon Data Replicator (Amazon S3) + +The CrowdStrike Falcon Data Replicator (FDR) connector collects telemetry data exported by CrowdStrike to Amazon S3 and ingests it into Microsoft Sentinel. 
+ +Use this connector when you need detailed telemetry that is not available through CrowdStrike native APIs, including: + +* Process events +* DNS events +* Network events +* Authentication events +* Endpoint activity logs +* Other Falcon Data Replicator (FDR) datasets + +Before configuring the Microsoft Sentinel connector, create the required AWS resources, such as the S3 bucket and SQS queue. Guidance for creating the AWS resources can be found here: + +https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html + +After the AWS resources are created: + +1. In CrowdStrike Falcon, navigate to **Data Sources**. +2. Add a new data source and select **CrowdStrike Falcon Data Replicator (FDR)**. +3. Provide the AWS resource details, including the S3 bucket and SQS queue information. +4. CrowdStrike will begin exporting FDR telemetry to the configured S3 bucket. +5. Configure the Microsoft Sentinel CrowdStrike Falcon Data Replicator (Amazon S3) connector using the AWS resource details. +6. Microsoft Sentinel will ingest the telemetry data from Amazon S3. + +Data Flow: + +CrowdStrike Falcon → Amazon S3 → Microsoft Sentinel + +This connector is recommended for organizations that require detailed endpoint telemetry for advanced threat hunting, investigations, and analytics. + + +### Note + +The two connectors are complementary and can be deployed together. + +* Use **CrowdStrike Falcon API** to collect alerts, detections, incidents, and other data available through CrowdStrike native APIs. +* Use **CrowdStrike Falcon Data Replicator (Amazon S3)** to collect detailed telemetry such as process, DNS, and network events exported to Amazon S3. +* Deploy both connectors when comprehensive visibility across security alerts and endpoint telemetry is required. 
+ +## References + +* CrowdStrike API Reference: https://developer.crowdstrike.com/api-reference/overview/ +* AWS CrowdStrike Source Setup: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html From 3a4ba399a62fac6addba81f82202afcb910a8b18 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Thu, 11 Jun 2026 18:54:02 +0530 Subject: [PATCH 2/9] update readmefile --- .../Data Connectors/readme.md | 142 ++++++++++++------ 1 file changed, 97 insertions(+), 45 deletions(-) diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md index 7a24ccf0419..30dd22025e4 100644 --- a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md 
@@ -2,87 +2,139 @@ ## Table of Contents -* Overview -* Available Data Connectors -* References +* [Overview](#overview) +* [Available Data Connectors](#available-data-connectors) + + * [CrowdStrike API Data Connector (via Codeless Connector Framework)](#1-crowdstrike-api-data-connector-via-codeless-connector-framework) + * [CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)](#2-crowdstrike-falcon-data-replicator-aws-s3-via-codeless-connector-framework) +* [References](#references) + +--- ## Overview -Microsoft Sentinel provides multiple CrowdStrike data connectors. This document focuses on the CrowdStrike Common Connector Framework (CCF) data connectors and helps customers determine which connector best fits their data ingestion requirements. +Microsoft Sentinel provides multiple CrowdStrike data connectors for ingesting security and telemetry data from CrowdStrike Falcon. -## Available Data Connectors +This document focuses on the **CrowdStrike Common Connector Framework (CCF)** data connectors and helps customers determine which connector best fits their data ingestion requirements. -The following CrowdStrike CCF data connectors are available: +The following CrowdStrike CCF data connectors are currently available: -1. **CrowdStrike Falcon API** -2. **CrowdStrike Falcon Data Replicator (Amazon S3)** +1. **CrowdStrike API Data Connector (via Codeless Connector Framework)** +2. **CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)** -### 1. CrowdStrike Falcon API +--- + +## Available Data Connectors -The CrowdStrike Falcon API connector collects data directly from CrowdStrike Falcon APIs. +### 1. CrowdStrike API Data Connector (via Codeless Connector Framework) -Use this connector when you need security-related data that is available through CrowdStrike native APIs, including: +The **CrowdStrike API Data Connector (via Codeless Connector Framework)** collects data directly from CrowdStrike Falcon native APIs. 
+ +Use this connector when you need security-related information that is available through CrowdStrike APIs, including: * Alerts * Detections * Incidents -* Security findings -* Other Falcon API-supported data +* Security Findings +* Host Information +* Vulnerability Information +* Other Falcon API-supported datasets -To learn more about the APIs and data available through CrowdStrike Falcon APIs, refer to the CrowdStrike API Reference documentation: +To learn more about the available CrowdStrike APIs and supported datasets, refer to the CrowdStrike API Reference documentation: +**CrowdStrike API Reference** https://developer.crowdstrike.com/api-reference/overview/ -When configuring this connector, create an API client in CrowdStrike Falcon and provide the following information in the Microsoft Sentinel data connector: +### Configuration Requirements + +Before configuring the Microsoft Sentinel connector: -* Client ID -* Client Secret -* API Endpoint +1. Create an API client in CrowdStrike Falcon. +2. Collect the following information: -This connector is recommended for organizations that primarily require security monitoring, alerting, and incident response data. + * Client ID + * Client Secret + * API Endpoint +3. Provide these values during connector configuration in Microsoft Sentinel. -### 2. CrowdStrike Falcon Data Replicator (Amazon S3) +--- -The CrowdStrike Falcon Data Replicator (FDR) connector collects telemetry data exported by CrowdStrike to Amazon S3 and ingests it into Microsoft Sentinel. +### 2. CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework) -Use this connector when you need detailed telemetry that is not available through CrowdStrike native APIs, including: +The **CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)** connector collects telemetry data exported by CrowdStrike to Amazon S3 and ingests it into Microsoft Sentinel. 
-* Process events -* DNS events -* Network events -* Authentication events -* Endpoint activity logs +Use this connector when detailed endpoint telemetry is required, including: + +* Process Events +* DNS Events +* Network Events +* Authentication Events +* Endpoint Activity Logs * Other Falcon Data Replicator (FDR) datasets -Before configuring the Microsoft Sentinel connector, create the required AWS resources, such as the S3 bucket and SQS queue. Guidance for creating the AWS resources can be found here: +These telemetry datasets are generally not available through CrowdStrike native APIs and are delivered through the Falcon Data Replicator (FDR) service. + +### Prerequisites +Before configuring the Microsoft Sentinel connector: + +1. Create the required AWS resources. +2. Configure an Amazon S3 bucket. +3. Configure an Amazon SQS queue. + +AWS setup guidance: + +**AWS CrowdStrike Source Setup Documentation** https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html -After the AWS resources are created: +### CrowdStrike Configuration Steps + +1. Sign in to CrowdStrike Falcon. +2. Navigate to **Data Sources**. +3. Add a new data source. +4. Select **CrowdStrike Falcon Data Replicator (FDR)**. +5. Provide the required AWS resource information, including: -1. In CrowdStrike Falcon, navigate to **Data Sources**. -2. Add a new data source and select **CrowdStrike Falcon Data Replicator (FDR)**. -3. Provide the AWS resource details, including the S3 bucket and SQS queue information. -4. CrowdStrike will begin exporting FDR telemetry to the configured S3 bucket. -5. Configure the Microsoft Sentinel CrowdStrike Falcon Data Replicator (Amazon S3) connector using the AWS resource details. -6. Microsoft Sentinel will ingest the telemetry data from Amazon S3. + * Amazon S3 Bucket + * Amazon SQS Queue +6. CrowdStrike begins exporting telemetry data to the configured Amazon S3 bucket. 
-Data Flow: +### Microsoft Sentinel Configuration -CrowdStrike Falcon → Amazon S3 → Microsoft Sentinel +After telemetry export is configured: -This connector is recommended for organizations that require detailed endpoint telemetry for advanced threat hunting, investigations, and analytics. +1. Open the **CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)** connector in Microsoft Sentinel. +2. Provide the AWS resource details. +3. Complete the connector deployment. +4. Microsoft Sentinel begins ingesting telemetry data from Amazon S3. +### Data Flow -### Note +```text +CrowdStrike Falcon + ↓ + Amazon S3 + ↓ +Microsoft Sentinel +``` + | -The two connectors are complementary and can be deployed together. +### Best Practice -* Use **CrowdStrike Falcon API** to collect alerts, detections, incidents, and other data available through CrowdStrike native APIs. -* Use **CrowdStrike Falcon Data Replicator (Amazon S3)** to collect detailed telemetry such as process, DNS, and network events exported to Amazon S3. -* Deploy both connectors when comprehensive visibility across security alerts and endpoint telemetry is required. +* Use **CrowdStrike API Data Connector (via Codeless Connector Framework)** to collect alerts, detections, incidents, findings, and other data available through CrowdStrike native APIs. +* Use **CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)** to collect detailed telemetry such as process, DNS, authentication, and network events exported to Amazon S3. +* Deploy **both connectors** when comprehensive visibility across security alerts and endpoint telemetry is required. 
+ +--- ## References -* CrowdStrike API Reference: https://developer.crowdstrike.com/api-reference/overview/ -* AWS CrowdStrike Source Setup: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html +### CrowdStrike Documentation + +* CrowdStrike API Reference + https://developer.crowdstrike.com/api-reference/overview/ + +### AWS Documentation + +* AWS CrowdStrike Source Setup + https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html From eb13e3b450f299a800f57993258f6e93ea682d14 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Thu, 11 Jun 2026 19:02:49 +0530 Subject: [PATCH 3/9] update --- .../Data Connectors/readme.md | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md index 30dd22025e4..836161c8fc6 100644 --- a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md @@ -7,6 +7,8 @@ * [CrowdStrike API Data Connector (via Codeless Connector Framework)](#1-crowdstrike-api-data-connector-via-codeless-connector-framework) * [CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)](#2-crowdstrike-falcon-data-replicator-aws-s3-via-codeless-connector-framework) + +* [Best Practices](#best-practices) * [References](#references) --- 
@@ -15,7 +17,7 @@ Microsoft Sentinel provides multiple CrowdStrike data connectors for ingesting security and telemetry data from CrowdStrike Falcon. -This document focuses on the **CrowdStrike Common Connector Framework (CCF)** data connectors and helps customers determine which connector best fits their data ingestion requirements. +This document provides an overview of the **CrowdStrike Common Connector Framework (CCF)** data connectors and helps you easily determine which connector best fits your data ingestion requirements. The following CrowdStrike CCF data connectors are currently available: @@ -42,7 +44,7 @@ Use this connector when you need security-related information that is available To learn more about the available CrowdStrike APIs and supported datasets, refer to the CrowdStrike API Reference documentation: -**CrowdStrike API Reference** +**CrowdStrike API Reference** https://developer.crowdstrike.com/api-reference/overview/ ### Configuration Requirements @@ -51,7 +53,6 @@ Before configuring the Microsoft Sentinel connector: 1. Create an API client in CrowdStrike Falcon. 2. Collect the following information: - * Client ID * Client Secret * API Endpoint @@ -84,7 +85,7 @@ Before configuring the Microsoft Sentinel connector: AWS setup guidance: -**AWS CrowdStrike Source Setup Documentation** +**AWS CrowdStrike Source Setup Documentation** https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html ### CrowdStrike Configuration Steps @@ -94,7 +95,6 @@ https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-sourc 3. Add a new data source. 4. Select **CrowdStrike Falcon Data Replicator (FDR)**. 5. Provide the required AWS resource information, including: - * Amazon S3 Bucket * Amazon SQS Queue 6. CrowdStrike begins exporting telemetry data to the configured Amazon S3 bucket. 
@@ -117,9 +117,10 @@ CrowdStrike Falcon ↓ Microsoft Sentinel ``` - | -### Best Practice +--- + +## Best Practices * Use **CrowdStrike API Data Connector (via Codeless Connector Framework)** to collect alerts, detections, incidents, findings, and other data available through CrowdStrike native APIs. * Use **CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)** to collect detailed telemetry such as process, DNS, authentication, and network events exported to Amazon S3. @@ -131,10 +132,10 @@ Microsoft Sentinel ### CrowdStrike Documentation -* CrowdStrike API Reference +* CrowdStrike API Reference https://developer.crowdstrike.com/api-reference/overview/ ### AWS Documentation -* AWS CrowdStrike Source Setup - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html +* AWS CrowdStrike Source Setup + https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html \ No newline at end of file From 3080de37703cdb0388060447826485d8e0d494eb Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Thu, 11 Jun 2026 19:06:00 +0530 Subject: [PATCH 4/9] update --- .../Data Connectors/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md index 836161c8fc6..f648f452bec 100644 --- a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md 
@@ -17,7 +17,7 @@ Microsoft Sentinel provides multiple CrowdStrike data connectors for ingesting security and telemetry data from CrowdStrike Falcon. -This document provides an overview of the **CrowdStrike Common Connector Framework (CCF)** data connectors and helps you easily determine which connector best fits your data ingestion requirements. +This document provides an overview of the **CrowdStrike Codeless Connector Framework (CCF)** data connectors and helps you easily determine which connector best fits your data ingestion requirements. The following CrowdStrike CCF data connectors are currently available: From 7a21fc91584336b8c13cda4a5189d5544e38fcd2 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Thu, 11 Jun 2026 22:07:46 +0530 Subject: [PATCH 5/9] update --- .../{Data Connectors => }/readme.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Solutions/CrowdStrike Falcon Endpoint Protection/{Data Connectors => }/readme.md (100%) diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md similarity index 100% rename from Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/readme.md rename to Solutions/CrowdStrike Falcon Endpoint Protection/readme.md From 63d963c4783a67af3cd22a66c097b138f9baca75 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Fri, 12 Jun 2026 14:51:41 +0530 Subject: [PATCH 6/9] update --- .../readme.md | 54 +++++++++++++++---- 1 file changed, 44 insertions(+), 10 deletions(-) diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md index f648f452bec..072c87dd0b6 100644 --- a/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md 
@@ -1,28 +1,32 @@ -# CrowdStrike CCF Data Connectors +# CrowdStrike Data Connectors ## Table of Contents * [Overview](#overview) + * [Available Data Connectors](#available-data-connectors) * [CrowdStrike API Data Connector (via Codeless Connector Framework)](#1-crowdstrike-api-data-connector-via-codeless-connector-framework) * [CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)](#2-crowdstrike-falcon-data-replicator-aws-s3-via-codeless-connector-framework) + * [CrowdStrike Falcon Adversary Intelligence](#3-crowdstrike-falcon-adversary-intelligence) * [Best Practices](#best-practices) + * [References](#references) --- ## Overview -Microsoft Sentinel provides multiple CrowdStrike data connectors for ingesting security and telemetry data from CrowdStrike Falcon. +Microsoft Sentinel provides multiple CrowdStrike data connectors for ingesting security, telemetry, and threat intelligence data from CrowdStrike Falcon. -This document provides an overview of the **CrowdStrike Codeless Connector Framework (CCF)** data connectors and helps you easily determine which connector best fits your data ingestion requirements. +This document provides an overview of the available CrowdStrike data connectors and helps you easily determine which connector best fits your data ingestion requirements. -The following CrowdStrike CCF data connectors are currently available: +The following CrowdStrike data connectors are currently available: 1. **CrowdStrike API Data Connector (via Codeless Connector Framework)** 2. **CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)** +3. **CrowdStrike Falcon Adversary Intelligence** --- 
@@ -44,7 +48,7 @@ Use this connector when you need security-related information that is available To learn more about the available CrowdStrike APIs and supported datasets, refer to the CrowdStrike API Reference documentation: -**CrowdStrike API Reference** +**CrowdStrike API Reference** https://developer.crowdstrike.com/api-reference/overview/ ### Configuration Requirements @@ -53,6 +57,7 @@ Before configuring the Microsoft Sentinel connector: 1. Create an API client in CrowdStrike Falcon. 2. Collect the following information: + * Client ID * Client Secret * API Endpoint @@ -85,7 +90,7 @@ Before configuring the Microsoft Sentinel connector: AWS setup guidance: -**AWS CrowdStrike Source Setup Documentation** +**AWS CrowdStrike Source Setup Documentation** https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html ### CrowdStrike Configuration Steps @@ -95,6 +100,7 @@ https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-sourc 3. Add a new data source. 4. Select **CrowdStrike Falcon Data Replicator (FDR)**. 5. Provide the required AWS resource information, including: + * Amazon S3 Bucket * Amazon SQS Queue 6. CrowdStrike begins exporting telemetry data to the configured Amazon S3 bucket. 
@@ -120,11 +126,39 @@ Microsoft Sentinel --- +### 3. CrowdStrike Falcon Adversary Intelligence + +The **CrowdStrike Falcon Adversary Intelligence** connector ingests threat intelligence from CrowdStrike Falcon into Microsoft Sentinel. + +Use this connector when you need access to CrowdStrike-curated intelligence related to: + +* Threat Actors +* Adversaries +* Indicators of Compromise (IOCs) +* Malware Intelligence +* Threat Intelligence Reports +* Campaign Information +* Threat Intelligence Context + +This connector enriches investigations and threat hunting activities by providing intelligence about known adversaries and their tactics, techniques, and procedures (TTPs). + +### Recommended Use Cases + +* Threat Intelligence Management +* Threat Hunting +* IOC Enrichment +* Investigation Enrichment +* Adversary Tracking +* Security Operations Center (SOC) Workflows + +--- + ## Best Practices * Use **CrowdStrike API Data Connector (via Codeless Connector Framework)** to collect alerts, detections, incidents, findings, and other data available through CrowdStrike native APIs. * Use **CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework)** to collect detailed telemetry such as process, DNS, authentication, and network events exported to Amazon S3. -* Deploy **both connectors** when comprehensive visibility across security alerts and endpoint telemetry is required. +* Use **CrowdStrike Falcon Adversary Intelligence** to enrich investigations with threat intelligence, indicators, adversary information, and intelligence context. +* Deploy multiple connectors when comprehensive visibility across alerts, telemetry, and threat intelligence is required. --- 
@@ -132,10 +166,10 @@ Microsoft Sentinel ### CrowdStrike Documentation -* CrowdStrike API Reference +* CrowdStrike API Reference https://developer.crowdstrike.com/api-reference/overview/ ### AWS Documentation -* AWS CrowdStrike Source Setup - https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html \ No newline at end of file +* AWS CrowdStrike Source Setup + https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html From 72f16a7f8123df674cf8adab3e23ac5e7d5f18d5 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Fri, 12 Jun 2026 14:54:45 +0530 Subject: [PATCH 7/9] update --- .../CrowdStrike Falcon Endpoint Protection/readme.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md index 072c87dd0b6..2a9520b4ea4 100644 --- a/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md +++ b/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md @@ -142,15 +142,6 @@ Use this connector when you need access to CrowdStrike-curated intelligence rela This connector enriches investigations and threat hunting activities by providing intelligence about known adversaries and their tactics, techniques, and procedures (TTPs). -### Recommended Use Cases - -* Threat Intelligence Management -* Threat Hunting -* IOC Enrichment -* Investigation Enrichment -* Adversary Tracking -* Security Operations Center (SOC) Workflows - --- ## Best Practices From d9d79129ea81bf2e9bbe0f24af35b376955d54a8 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Tue, 16 Jun 2026 14:10:07 +0530 Subject: [PATCH 8/9] update --- .../CrowdStrike Falcon Endpoint Protection/{readme.md => RE.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Solutions/CrowdStrike Falcon Endpoint Protection/{readme.md => RE.md} (100%) 
diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/readme.md b/Solutions/CrowdStrike Falcon Endpoint Protection/RE.md similarity index 100% rename from Solutions/CrowdStrike Falcon Endpoint Protection/readme.md rename to Solutions/CrowdStrike Falcon Endpoint Protection/RE.md From 09af2de37cecabfb3cc4c65b11e5c6c3cfefafb3 Mon Sep 17 00:00:00 2001 From: Alekhya0824 Date: Tue, 16 Jun 2026 14:10:48 +0530 Subject: [PATCH 9/9] UPDATE THE FILE NAME --- .../CrowdStrike Falcon Endpoint Protection/{RE.md => README.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename Solutions/CrowdStrike Falcon Endpoint Protection/{RE.md => README.md} (100%) diff --git a/Solutions/CrowdStrike Falcon Endpoint Protection/RE.md b/Solutions/CrowdStrike Falcon Endpoint Protection/README.md similarity index 100% rename from Solutions/CrowdStrike Falcon Endpoint Protection/RE.md rename to Solutions/CrowdStrike Falcon Endpoint Protection/README.md
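Review bot: In PATCH 1/9, under "### 1. CrowdStrike Falcon API", the README tells the reader to create an API client and supply the Client ID, Client Secret and API Endpoint, but never says which API scopes that client needs. The same gap carries into "### Configuration Requirements" in PATCH 2/9. Please list the scopes required for the datasets named in this section (alerts, detections, incidents, security findings) and state whether read-only access is enough, so operators do not create an over-privileged client.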
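Review bot: In PATCH 2/9, the "### Data Flow" block shows only CrowdStrike Falcon, Amazon S3 and Microsoft Sentinel, although "### Prerequisites" requires an Amazon SQS queue and step 5 of "### CrowdStrike Configuration Steps" asks for it. Show where the queue sits in the flow. In "### Microsoft Sentinel Configuration", replace "Provide the AWS resource details" with the fields the connector actually asks for and the access Sentinel needs on the bucket and queue. The "AWS setup guidance" link points at an Amazon CloudWatch page (`AmazonCloudWatch/latest/monitoring/crowdstrike-source-setup.html`), so confirm that its steps produce what the Sentinel connector expects. Separately, the new sub-headings use "###", the same level as "### 1. ..." and "### 2. ...", so they render as siblings of the connectors; "####" would nest them.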
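Review bot: In PATCH 3/9, the last hunk (`@@ -131,10 +132,10 @@`) ends with "\ No newline at end of file", so this commit strips the trailing newline from the README. PATCH 6/9 puts it back. Please keep the final newline here, or squash the two commits so the intermediate state never lands.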
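Review bot: In PATCH 6/9, the new "### 3. CrowdStrike Falcon Adversary Intelligence" section (hunk `@@ -120,11 +126,39 @@`) lists what the connector provides but has no configuration or prerequisites sub-section, unlike connectors 1 and 2. Add the setup steps and the credentials or permissions this connector needs. If it reuses the API client from section 1, say so and name any additional scope. After PATCH 7/9 removes "### Recommended Use Cases", the section is left with only the dataset list and one summary sentence.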
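Review bot: PATCH 5/9, 8/9 and 9/9 are pure renames: `Data Connectors/readme.md` to `readme.md`, then `readme.md` to `RE.md`, then `RE.md` to `README.md`. That leaves a commit in history where the solution's README is named `RE.md`. Please squash the series so the file is created once at `Solutions/CrowdStrike Falcon Endpoint Protection/README.md`. That would also fold in the "Common Connector Framework" to "Codeless Connector Framework" correction from PATCH 4/9, and the repeated "update" subjects could be replaced with one descriptive message.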