
CrowdStrike ThreatGraph

Modified on: Mon, 11 May, 2020 at 11:52 AM


CrowdStrike provides a suite of five APIs to enable customers of the CrowdStrike Falcon platform to enhance their triage workflow and leverage their existing security investments.

The Falcon Threat Graph API, one of the five APIs offered by CrowdStrike, leverages CrowdStrike’s multi-petabyte graph database to reveal the underlying relationships between indicators of compromise (IOCs), devices, processes, and other forensic data and events, such as files written, module loads, or network connections.

With ThreatGraph Transforms, investigators can query the CrowdStrike ThreatGraph API to interact with CrowdStrike Falcon data and traverse the graph to investigate relationships between events.

To read more click here.
