# Crowdstrike Falcon

[<mark style="color:blue;">Crowdstrike Falcon</mark>](https://www.crowdstrike.com/falcon-platform/) helps to secure the most critical areas of enterprise risk – endpoints, cloud workloads, identities, and data.

Route detailed alerts from Crowdstrike Falcon to the right users in Squadcast.

### Using Crowdstrike Falcon as an Alert Source

1. Navigate to **Services** -> **Service Overview** -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click **Add**.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-4fbd74e7ca0b30173c47a1d58ed6a0804a0465aa%2FAlert_Sources.png?alt=media\&token=aaca6610-9d18-4dd4-9cf5-320042f326f1)

2\. Select **Crowdstrike Falcon**. Copy the displayed **Webhook URL** to [configure](#create-a-squadcast-webhook-url-rest-endpoint-in-crowdstrike-falcon) it within **Crowdstrike Falcon**. Finish by clicking **Add Alert Source** -> **Done**.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-6ac1ac9c35f5479c28f8414af2ef9e928b9cae69%2FCrowdstrike%20Falcon.png?alt=media\&token=173ab53c-2827-420b-b77e-1c33458d727a)

{% hint style="warning" %}
<mark style="color:orange;">**Important**</mark>**:**

When an alert source turns <mark style="color:green;">Active</mark>, it’ll show up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source.\
\
An Alert Source is <mark style="color:green;">active</mark> if there is a recorded incident via that Alert Source for the Service.
{% endhint %}

### Create a Squadcast Webhook URL REST Endpoint in Crowdstrike Falcon

**(1)** Log in to your Crowdstrike Falcon dashboard and head over to **Workflows**.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-1f9bd98016310bb312dd70683e7f5c3e738d0e3f%2Fcrowdstrike_falcon_2.png?alt=media\&token=d618e1d1-82c7-4c09-a580-0bc5e9540a47)

**(2)** Click on **Create Workflow**. Select **New detection** or **New incident** as the trigger, and then, under the workflow diagram, choose **condition**. Set Parameter to **Detection status** or **Incident status**, Operator to **is equal to** and Value to **New**. Then click on **+** and add **Action**. Choose **Notifications** as **Action type** and **Call webhook** as **Action**.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-a0cdff89d8be9b50ece0315c193febd0dd39ce60%2Fcrowdstrike_falcon_3.png?alt=media\&token=c7fc723c-b9d4-4bd4-9e45-3101176579f5)

Add the webhook by clicking **Go to Store**. Click on **Configure** and then add **Squadcast** as **Name**. Paste the previously copied Squadcast Webhook URL in the placeholder for **Webhook URL**. Then click on **Save configuration**.

Choose **Squadcast** as **Webhook name** and add the data you want to send to Squadcast.

![Configuration of Crowdstrike Falcon](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-d0dbefc8d956a761644df5be3fb12fccb88d0f53%2Fimage.png?alt=media)

{% hint style="info" %}
**Note**:\
Squadcast does not validate the HMAC Secret Key, so you can enter any value of your choice. Because the signature is not checked, keep the Webhook URL itself confidential.
{% endhint %}

{% hint style="warning" %}
**Important**

* **For New Detection:** Always add **Detection Id** and **Detection Status** in the data you want to send to Squadcast.
* **For New Incident:** Always add **Incident Id** and **Incident Status** in the data you want to send to Squadcast.
{% endhint %}

Add another **condition** after the **Trigger** event. Set Parameter to **Detection status** or **Incident status**, Operator to **is equal to** and Value to **Closed**. Then click on **+** and add **Action**. Choose **Notifications** as **Action type** and **Call webhook** as **Action**. Choose **Squadcast** as **Webhook name** and add the data you want to send to Squadcast.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-4008ae07bd364dd6eb99200c56947d60bd0888a4%2Fcrowdstrike_falcon_4.png?alt=media\&token=12144b17-107a-4132-a2c6-885b2c7afb26)

Then click on **Finish**. Give it a name and set the **Workflow Status** as **On**. Then click on **Save workflow**.

![](https://1574591692-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8TaWz01jmUJl58p4ZVel%2Fuploads%2Fgit-blob-35090ffd226e5356d497926b5346140b79919566%2Fcrowdstrike_falcon_6.png?alt=media\&token=624dae9e-2563-4fb3-8328-5ab7b104d1f1)

That's it, you are good to go! Your Crowdstrike Falcon integration is now complete. Whenever Crowdstrike Falcon fires an alert, an incident will be created in Squadcast for it. Also, when the Detection or Incident status changes to **Closed**, the corresponding incident gets **auto-resolved** in Squadcast.

