Crowdstrike Falcon

helps to secure the most critical areas of enterprise risk – endpoints, cloud workloads, identities, and data.

Route detailed alerts from Crowdstrike Falcon to the right users in Squadcast.

Using Crowdstrike Falcon as an Alert Source

1. Navigate to Services -> Service Overview -> select or search for your Service. Expand the accordion -> In the Alert Sources section, click Add.

Create a Squadcast Webhook URL REST Endpoint in Crowdstrike Falcon

(1) Login to your Crowdstrike Falcon dashboard. Head over to Workflows

(2) Click on Create Workflow. Select trigger as New detection or New incident and then under workflow diagram choose condition. Choose Parameter as Detection status or Incident status, Operator as is equal to & Value as New. Then click on + and add Action. Choose Notifications as Action type and Call webhook as Action.

Add webhook by clicking to Go to Store. Click on Configure and then add Squadcast as Name. Paste the previously copied Squadcast Webhook URL in the placeholder for Webhook URL. Then click on Save configuration.

Choose Squadcast as Webhook name and add the data you want to send to Squadcast.

Again add a condition after the Trigger event. Choose Parameter as Detection status or Incident status, Operator as is equal to & Value as Closed. Then click on + and add Action. Choose Notifications as Action type and Call webhook as Action. Choose Squadcast as Webhook name and add the data you want to send to Squadcast.

Then click on Finish. Give it a name and set the Workflow Status as On. Then click on Save workflow

That's it, you are good to go! Your Crowdstrike Falcon integration is now complete. Whenever Crowdstrike Falcon fires an alert, an incident will be created in Squadcast for it. Also, when an status has changed to Closed, the corresponding incident gets auto-resolved in Squadcast.