CrowdStrike Intel
Modified on: Tue, 31 Aug, 2021 at 2:30 PM
Overview
CrowdStrike provides a suite of APIs to enable customers of the CrowdStrike Falcon platform to enhance their triage workflow and leverage their existing security investments.
The Falcon Intelligence API is one of the five API’s offered by CrowdStrike that enables customers to benefit from a rich feed of information spanning indicators, adversaries, news, and customized threat alerts.
CrowdStrike Intelligence API Transforms allows investigators to query the CrowdStrike Intelligence API to obtain attribution and additional data for indicators and see the correlation between adversaries, indicators, malware families and campaigns.
Benefits
Gain access to CrowdStrike Falcon Intelligence data to perform attribution on 70+ adversary groups that include nation-state, hacktivist, activist, and criminal threat actors
To read more click here.
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Report for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryReport |
| Input Entities |
CS.Report |
| Output Entities |
Phrase |
| Short Description |
|
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Mutex for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryMutexInd |
| Input Entities |
CS.Mutex |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query Mutex for Attribution
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Mutex for Attribution |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryMutexAttrib |
| Input Entities |
CS.Mutex |
| Output Entities |
Phrase |
| Short Description |
|
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query IP for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryIPInd |
| Input Entities |
maltego.IPv4Address |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query IP for Attribution
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query IP for Attribution |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryIPAttrib |
| Input Entities |
maltego.IPv4Address |
| Output Entities |
Phrase |
| Short Description |
|
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Hash for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryHashInd |
| Input Entities |
maltego.Hash |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query Hash for Attribution
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Hash for Attribution |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryHashAttrib |
| Input Entities |
maltego.Hash |
| Output Entities |
Phrase |
| Short Description |
|
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Filename for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryFileInd |
| Input Entities |
CS.Filename |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query Filename for Attribution
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Filename for Attribution |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryFileAttrib |
| Input Entities |
CS.Filename |
| Output Entities |
Phrase |
| Short Description |
|
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Email for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryEmailInd |
| Input Entities |
maltego.EmailAddress |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query Email Address
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Email Address |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryEmailAttrib |
| Input Entities |
maltego.EmailAddress |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query Domain for Related Indicators
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Domain for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryDomainIndic |
| Input Entities |
maltego.Domain |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query Domain for Attribution
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Domain for Attribution |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryDomainAttrib |
| Input Entities |
maltego.Domain |
| Output Entities |
Phrase |
| Short Description |
|
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query DNS for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryDNSIndic |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query DNS for Attribution
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query DNS for Attribution |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryDNSAttrib |
| Input Entities |
maltego.DNSName |
| Output Entities |
Phrase |
| Short Description |
|
[CrowdStrike] Query Actor for Reports
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Actor for Reports |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryActorReports |
| Input Entities |
CS.Actor |
| Output Entities |
Phrase |
| Short Description |
|
| CSAPIID |
string |
DefaultValue |
False |
True |
False |
| CSAPIKey |
string |
DefaultValue |
False |
True |
False |
| Display Name |
[CrowdStrike] Query Actor for Related Indicators |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
CrowdStrike |
| Transform Name |
QueryActorInd |
| Input Entities |
CS.Actor |
| Output Entities |
Phrase |
| Short Description |
|