Corelight Bright Ideas Blog: NDR & Threat Hunting Blog

Enhancing Incident Response with 1-Click Entity Isolation | Corelight

Written by Sahidya Devadoss | May 29, 2024 4:40:18 PM

We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging enriched context and point-in-time evidence to make informed, rapid decisions during security incidents. This new integration saves time, reduces the risk of human error, and allows for faster response to threats, ultimately enhancing the security of your network.

Simplifying Entity Isolation with 1-Click Response

The 1-Click Response action makes the workflow for SOC analysts significantly more efficient and effective than ever. When a detection is triggered, the Investigator enriches the detection with detailed host information from CrowdStrike Falcon, including crucial entity data such as MAC addresses, hostnames, and operating systems. With this comprehensive view and point-in-time evidence, analysts can swiftly assess the severity of the threat. If immediate action is required, they can isolate the host directly from the Investigator interface with a single click, leveraging CrowdStrike Falcon's Network Contain capability. This seamless process eliminates the need to switch platforms, ensuring rapid and decisive threat mitigation, and saving valuable time in the process.

Removing the isolation is just as straightforward as initiating it. If further investigation determines that the isolated host no longer poses a threat, analysts can lift the containment directly within the Investigator interface, giving SOC analysts complete control over the full isolation lifecycle without leaving the console.

Stay ahead of cyber threats and accelerate your incident response with the powerful combination of Investigator and CrowdStrike Falcon. Configure your integration today and experience the security benefits of 1-Click Response. This feature empowers you to isolate hosts, and to lift that isolation, swiftly, enhancing your network's security.