Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

In the ever-evolving landscape of cybersecurity threats, staying ahead requires more than just threat detection; it demands comprehensive correlation and analysis for informed decision-making. Understanding the context surrounding an alert is important for effective risk mitigation. That's why we're thrilled to announce the integration of CrowdStrike Falcon EDR with Investigator, part of Corelight’s Open NDR Platform.

Consider a scenario commonly encountered in security operations centers (SOC): a network security alert is triggered, indicating suspicious activity originating from a specific network IP address. Historically, without immediate access to detailed host information, analysts would face difficulties pinpointing the exact device or user responsible for the detected activity. This lack of context could lead to delays in response and potentially compromise the organization's security posture.

The integration of CrowdStrike Falcon EDR with Investigator effectively addresses this challenge. What does this mean for users?

Enhanced Context: The integration enriches alerts with essential host details from CrowdStrike Falcon EDR, such as MAC addresses, hostnames, and operating systems. This added context helps analysts map network IP addresses to specific hosts, removing the need to manually query separate systems such as Corelight logs or asset management databases. Analysts can access comprehensive host information directly from the Investigator interface.

Point-in-time Evidence: Host information is obtained at the time of the alert and retained within the Investigator platform. This provides point-in-time evidence for thorough analysis and ensures analysts have access to all relevant information precisely when it is needed.
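The following is an added illustration of the two points above, not Corelight's or CrowdStrike's code: a network alert carrying only a source IP is enriched with the host record that the EDR inventory held at the alert's timestamp, and that record is frozen into the alert rather than looked up live. The data shapes, field names and sample records are all constructed assumptions; the point they show is that a DHCP address reassigned after the alert would otherwise be attributed to the wrong host.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class HostRecord:
    """One IP-to-host binding as an EDR agent might report it (assumed shape)."""
    ip: str
    hostname: str
    mac: str
    os: str
    seen_at: datetime  # when the agent reported this binding


def _utc(y, m, d, hh, mm):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed sample inventory: 10.0.8.25 was held by two hosts over time (DHCP churn).
EDR_HOST_HISTORY = [
    HostRecord("10.0.8.25", "lab-build01", "00:1a:2b:3c:4d:01", "Ubuntu 22.04", _utc(2024, 3, 1, 9, 0)),
    HostRecord("10.0.8.25", "finance-lt07", "00:1a:2b:3c:4d:77", "Windows 11", _utc(2024, 3, 3, 14, 0)),
    HostRecord("10.0.8.30", "hr-lt02", "00:1a:2b:3c:4d:30", "macOS 14", _utc(2024, 3, 1, 9, 0)),
]


def host_at(ip, when, history):
    """Return the latest binding for `ip` reported at or before `when`, or None."""
    candidates = [h for h in history if h.ip == ip and h.seen_at <= when]
    return max(candidates, key=lambda h: h.seen_at) if candidates else None


def enrich_alert(alert, history):
    """Resolve host context at the alert's own timestamp and embed it in the record."""
    alert_ts = datetime.fromisoformat(alert["ts"])
    host = host_at(alert["src_ip"], alert_ts, history)
    enriched = dict(alert)
    enriched["host"] = None if host is None else {
        "hostname": host.hostname, "mac": host.mac, "os": host.os,
        "resolved_at": alert_ts.isoformat(),  # point-in-time evidence, not a live lookup
    }
    return enriched


# Constructed alert fired on 2 March, between the two bindings of 10.0.8.25.
SAMPLE_ALERT = {"id": "alert-0001", "ts": "2024-03-02T10:15:00+00:00",
                "src_ip": "10.0.8.25", "note": "Scan::Port_Scan"}

if __name__ == "__main__":
    print(enrich_alert(SAMPLE_ALERT, EDR_HOST_HISTORY))
```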

In conclusion, by combining EDR data with network detection capabilities, users gain deeper insight into potential threats and can respond more effectively to security incidents. Stay ahead of evolving threats and empower your security operations with enhanced context and comprehensive analysis: integrate CrowdStrike EDR with Investigator today.