Back to Integrations
integration integration
integration CrowdStrike node
HTTP Request

Integrate CrowdStrike with 500+ apps and services

Unlock CrowdStrike's full potential with n8n, connecting it to similar Cybersecurity apps and over 1000 other services. Automate cybersecurity workflows by monitoring threats, managing incident responses, and securing data across platforms. Use n8n's pre-authenticated HTTP request node to construct adaptable and scalable workflows between CrowdStrike and your stack. All within a building experience you will love.

Create workflows with CrowdStrike integrations

797 integrations
Sort by:
Popularity
NameOldestNewest

Popular ways to use CrowdStrike integration

HTTP Request node
Slack node
Jira Software node
+2

Analyze CrowdStrike Detections - Search for IOCs in VirusTotal - Create a Ticket in Jira, and Post a Message in Slack

This n8n workflow automates the handling of security detections from CrowdStrike, streamlining incident response and notification processes. The workflow is triggered daily at midnight by the Schedule Trigger node. It begins by fetching recent security detections from CrowdStrike using an HTTP Request node. The response is then split into individual detections for further processing. Each detection is enriched by querying the CrowdStrike API for detailed information using another HTTP Request node. The workflow then processes these detections sequentially using the Split In Batches node. Next, it looks up behavioral information associated with each detection in VirusTotal using two HTTP Request nodes. One node queries VirusTotal based on SHA256 values, and the other based on IOC (Indicator of Compromise) values. The workflow includes a 1-second pause using the Wait node to prevent rate limiting when making requests to the VirusTotal API. Subsequently, the workflow sets fields with relevant details from both CrowdStrike and VirusTotal, including detection links, confidence scores, filenames, usernames, and more. These details are concatenated using an Item Lists node for each detection. The final step involves creating Jira issues for each detection, including summaries with CrowdStrike alert severity and hostnames, as well as descriptions that incorporate information from CrowdStrike and VirusTotal. Information about this issue is then sent via a Slack message to a Slack user. Potential issues during setup might include configuring the Schedule Trigger node to trigger at the correct time zone and handling potential rate limiting from the VirusTotal API, which could lead to throttled requests. Additionally, the note about a possible typo in the URL for the Virustotal nodes should be addressed to ensure correct API calls. The Jira node may need to be replaced with the latest version for compatibility. Properly configuring API credentials and handling errors that may occur during API requests are essential for a smooth workflow operation. Careful testing with sample data is recommended to validate the workflow's functionality and ensure it aligns with your organization's security incident response processes.

Supported API Endpoints for CrowdStrike

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

GetDeviceDetails
Retrieve device details for a specific host.
GET
/devices/entities/devices/v1
QueryDevicesByFilter
Query devices by filter.
GET
/devices/queries/devices/v1
PerformDeviceAction
Perform a device action such as 'Contain' or 'Lift Containment'.
POST
/devices/entities/devices-actions/v2
GetDeviceSnapshots
Get snapshots of device status.
GET
/devices/entities/snapshots/v1
GetDeviceDetailsById
Retrieve device details for a specific host by device ID.
GET
/devices/entities/devices/v1?ids={device_id}

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetAlerts
Retrieve a list of alerts.
GET
/alerts/queries/alerts/v1
GetAlertDetails
Retrieve details of a specific alert.
GET
/alerts/entities/alerts/v1
AcknowledgeAlert
Acknowledge a specific alert.
POST
/alerts/entities/alerts-actions/v1
UpdateAlert
Update details of a specific alert.
PATCH
/alerts/entities/alerts/v1
DeleteAlert
Delete a specific alert.
DELETE
/alerts/entities/alerts/v1

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

QueryDetections
Retrieve detections based on provided query parameters.
GET
/detects/queries/detects/v1
GetDetectionDetails
Retrieve details for a specific detection.
GET
/detects/entities/detects/v1
UpdateDetection
Update details of a specific detection.
PATCH
/detects/entities/detects/v1
AcknowledgeDetection
Acknowledge a specific detection.
POST
/detects/entities/detects-actions/v1
DeleteDetection
Delete a specific detection.
DELETE
/detects/entities/detects/v1

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetUsers
Retrieve a list of users.
GET
/users/queries/users/v1
GetUserDetails
Retrieve details of a specific user.
GET
/users/entities/users/v1
CreateUser
Create a new user.
POST
/users/entities/users/v1
UpdateUser
Update details of a specific user.
PATCH
/users/entities/users/v1
DeleteUser
Delete a specific user.
DELETE
/users/entities/users/v1

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

CrowdStrike node
HTTP Request

About CrowdStrike

CrowdStrike is a cybersecurity company known for its cloud-based endpoint security platform, Falcon. It provides advanced threat detection and response solutions, leveraging artificial intelligence and machine learning to protect organizations from cyberattacks and breaches.

Related categories

Similar integrations

  • Cisco Secure Endpoint node
  • QRadar node
  • ZScaler ZIA node
  • VirusTotal node
  • Cisco Umbrella node
  • Kibana node
  • Carbon Black node
  • Fortinet FortiGate node
  • Imperva WAF node
  • MIST node
Use case

The SOAR platform you want

Mountains of monotonous tasks make building and monitoring your workflows a chore. Not anymore.

Learn more

Over 3000 companies switch to n8n every single week

We're using the @n8n_io cloud for our internal automation tasks since the beta started. It's awesome! Also, support is super fast and always helpful. 🤗

Last week I automated much of the back office work for a small design studio in less than 8hrs and I am still mind-blown about it.

n8n is a game-changer and should be known by all SMBs and even enterprise companies.

in other news I installed @n8n_io tonight and holy moly it’s good

it’s compatible with EVERYTHING

FAQ about CrowdStrike integrations

  • How can I set up CrowdStrike integration in n8n?

      To use CrowdStrike integration in n8n, start by adding the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. Once connected, you can make custom API calls to CrowdStrike to query the data you need using the URLs you provide, for example: you can use the HTTP Request node to create or update records in CrowdStrike by sending POST or PUT requests with the appropriate payload. For retrieving data, configure the node to use a GET request with the specific endpoint you're interested in, such as querying incidents or threat intelligence reports. Make sure to handle pagination and filters in your API calls to efficiently manage large datasets or specific queries.

  • Do I need any special permissions or API keys to integrate CrowdStrike with n8n?

  • Can I combine CrowdStrike with other apps in n8n workflows?

  • What are some common use cases for CrowdStrike integrations with n8n?

  • How does n8n’s pricing model benefit me when integrating CrowdStrike?

Connect CrowdStrike with your company’s tech stack and create automation workflows