Back to Integrations
integrationCrowdStrike node
HTTP Request
integrationMalcore node
HTTP Request

CrowdStrike and Malcore integration

Save yourself the work of writing custom integrations for CrowdStrike and Malcore and use n8n instead. Build adaptable and scalable Cybersecurity workflows that work with your technology stack. All within a building experience you will love.

How to connect CrowdStrike and Malcore

  • Step 1: Create a new workflow
  • Step 2: Add and configure nodes
  • Step 3: Connect
  • Step 4: Customize and extend your integration
  • Step 5: Test and activate your workflow

Step 1: Create a new workflow and add the first step

In n8n, click the "Add workflow" button in the Workflows tab to create a new workflow. Add the starting point – a trigger on when your workflow should run: an app event, a schedule, a webhook call, another workflow, an AI chat, or a manual trigger. Sometimes, the HTTP Request node might already serve as your starting point.

CrowdStrike and Malcore integration: Create a new workflow and add the first step

Step 2: Add and configure CrowdStrike and Malcore nodes using the HTTP Request nodes

You can find CrowdStrike and Malcore nodes in the nodes panel and drag them onto your workflow canvas. These nodes will be added as HTTP Request nodes with pre-configured credential types. The HTTP Request node makes custom API calls to CrowdStrike and Malcore. Configure CrowdStrike and Malcore nodes one by one: input data on the left, parameters in the middle, and output data on the right.

CrowdStrike and Malcore integration: Add and configure CrowdStrike and Malcore nodes using the HTTP Request nodes

Step 3: Connect CrowdStrike and Malcore

A connection establishes a link between CrowdStrike and Malcore (or vice versa) to route data through the workflow. Data flows from the output of one node to the input of another. You can have single or multiple connections for each node.

CrowdStrike and Malcore integration: Connect CrowdStrike and Malcore

Step 4: Customize and extend your CrowdStrike and Malcore integration

Use n8n's core nodes such as If, Split Out, Merge, and others to transform and manipulate data. Write custom JavaScript or Python in the Code node and run it as a step in your workflow. Connect CrowdStrike and Malcore with any of n8n’s 1000+ integrations, and incorporate advanced AI logic into your workflows.

CrowdStrike and Malcore integration: Customize and extend your CrowdStrike and Malcore integration

Step 5: Test and activate your CrowdStrike and Malcore workflow

Save and run the workflow to see if everything works as expected. Based on your configuration, data should flow from CrowdStrike and Malcore or vice versa. Easily debug your workflow: you can check past executions to isolate and fix the mistake. Once you've tested everything, make sure to save your workflow and activate it.

CrowdStrike and Malcore integration: Test and activate your CrowdStrike and Malcore workflow

Build your own CrowdStrike and Malcore integration

Create custom CrowdStrike and Malcore workflows by choosing triggers and actions. Nodes come with global operations and settings, as well as app-specific parameters that can be configured. You can also use the HTTP Request node to query data from any app or service with a REST API.

Supported API Endpoints for CrowdStrike

GetDeviceDetails
Retrieve device details for a specific host.
GET
/devices/entities/devices/v1
QueryDevicesByFilter
Query devices by filter.
GET
/devices/queries/devices/v1
PerformDeviceAction
Perform a device action such as 'Contain' or 'Lift Containment'.
POST
/devices/entities/devices-actions/v2
GetDeviceSnapshots
Get snapshots of device status.
GET
/devices/entities/snapshots/v1
GetDeviceDetailsById
Retrieve device details for a specific host by device ID.
GET
/devices/entities/devices/v1?ids={device_id}

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetAlerts
Retrieve a list of alerts.
GET
/alerts/queries/alerts/v1
GetAlertDetails
Retrieve details of a specific alert.
GET
/alerts/entities/alerts/v1
AcknowledgeAlert
Acknowledge a specific alert.
POST
/alerts/entities/alerts-actions/v1
UpdateAlert
Update details of a specific alert.
PATCH
/alerts/entities/alerts/v1
DeleteAlert
Delete a specific alert.
DELETE
/alerts/entities/alerts/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

QueryDetections
Retrieve detections based on provided query parameters.
GET
/detects/queries/detects/v1
GetDetectionDetails
Retrieve details for a specific detection.
GET
/detects/entities/detects/v1
UpdateDetection
Update details of a specific detection.
PATCH
/detects/entities/detects/v1
AcknowledgeDetection
Acknowledge a specific detection.
POST
/detects/entities/detects-actions/v1
DeleteDetection
Delete a specific detection.
DELETE
/detects/entities/detects/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetUsers
Retrieve a list of users.
GET
/users/queries/users/v1
GetUserDetails
Retrieve details of a specific user.
GET
/users/entities/users/v1
CreateUser
Create a new user.
POST
/users/entities/users/v1
UpdateUser
Update details of a specific user.
PATCH
/users/entities/users/v1
DeleteUser
Delete a specific user.
DELETE
/users/entities/users/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

Supported methods for Malcore

Delete
Get
Head
Options
Patch
Post
Put

Requires additional credentials set up

Use n8n’s HTTP Request node with a predefined or generic credential type to make custom API calls.

FAQs

  • Can CrowdStrike connect with Malcore?

  • Can I use CrowdStrike’s API with n8n?

  • Can I use Malcore’s API with n8n?

  • Is n8n secure for integrating CrowdStrike and Malcore?

  • How to get started with CrowdStrike and Malcore integration in n8n.io?

Looking to integrate CrowdStrike and Malcore in your company?

Over 3000 companies switch to n8n every single week

Why use n8n to integrate CrowdStrike with Malcore

Build complex workflows, really fast

Build complex workflows, really fast

Handle branching, merging and iteration easily.
Pause your workflow to wait for external events.

Code when you need it, UI when you don't

Simple debugging

Your data is displayed alongside your settings, making edge cases easy to track down.

Use templates to get started fast

Use 1000+ workflow templates available from our core team and our community.

Reuse your work

Copy and paste, easily import and export workflows.

Implement complex processes faster with n8n

red iconyellow iconred iconyellow icon