The IntSights + CrowdStrike® integration enables mutual customers to gain critical threat knowledge and stop breaches. Security teams can easily discover, view, validate, and investigate IntSights Indicators of Compromise (IOCs) from within a CrowdStrike device in the IntSights platform, streamlining the processes required for effective threat mitigation. Together, CrowdStrike and IntSights offer contextual threat intelligence and continuous endpoint protection.
Streamlined IOC Management
By consolidating tools and intelligence, SOC and security teams can streamline investigations, disseminate intelligence across business units, and improve collaboration to confidently respond to threats. By ingesting and sharing a wide range of intelligence sources, using built-in APIs or the STIX and TAXII standards, the IntSights TIP automatically augments existing security devices and updates critical blocklists. Integrations with enterprise SIEMs, firewalls, EDRs, and SOARs enable enrichment of organization-specific IOCs in real time.
Gain Visibility and Context
Following investigation and analysis, teams can push finished intelligence to augment the existing security stack and proactively block threats. The Investigation API arms security practitioners with expanded threat intelligence visibility and rich context related to organization-specific IOCs and other threat indicators. Leveraging tailored, investigation-ready threat intelligence, enterprises can query every indicator and receive real-time conclusive IOC determination, automated severity indications, and antivirus detection ratios. To further enhance context, the API provides a wide variety of data enrichment sources, including DNS records, WHOIS data, and resolutions.