Back to Integrations
integrationCrowdStrike node
HTTP Request
integrationSlack node

CrowdStrike and Slack integration

Save yourself the work of writing custom integrations for CrowdStrike and Slack and use n8n instead. Build adaptable and scalable Cybersecurity, and Communication workflows that work with your technology stack. All within a building experience you will love.

How to connect CrowdStrike and Slack

  • Step 1: Create a new workflow
  • Step 2: Add and configure nodes
  • Step 3: Connect
  • Step 4: Customize and extend your integration
  • Step 5: Test and activate your workflow

Step 1: Create a new workflow and add the first step

In n8n, click the "Add workflow" button in the Workflows tab to create a new workflow. Add the starting point – a trigger on when your workflow should run: an app event, a schedule, a webhook call, another workflow, an AI chat, or a manual trigger. Sometimes, the HTTP Request node might already serve as your starting point.

CrowdStrike and Slack integration: Create a new workflow and add the first step

Step 2: Add and configure Slack and CrowdStrike (using the HTTP Request node)

You can find Slack and CrowdStrike nodes in the nodes panel and drag them onto your workflow canvas. Slack node comes with pre-built credentials and supported actions. CrowdStrike can be set up with the HTTP Request node using a pre-configured credential type. The HTTP Request node makes custom API calls to CrowdStrike. Configure Slack and CrowdStrike nodes one by one: input data on the left, parameters in the middle, and output data on the right.

Slack and CrowdStrike integration: Add and configure Slack and CrowdStrike nodes

Step 3: Connect Slack and CrowdStrike

A connection establishes a link between Slack and CrowdStrike (or vice versa) to route data through the workflow. Data flows from the output of one node to the input of another. You can have single or multiple connections for each node.

Slack and CrowdStrike integration: Connect Slack and CrowdStrike

Step 4: Customize and extend your Slack and CrowdStrike integration

Use n8n's core nodes such as If, Split Out, Merge, and others to transform and manipulate data. Write custom JavaScript or Python in the Code node and run it as a step in your workflow. Connect Slack and CrowdStrike with any of n8n’s 1000+ integrations, and incorporate advanced AI logic into your workflows.

Slack and CrowdStrike integration: Customize and extend your Slack and CrowdStrike integration

Step 5: Test and activate your Slack and CrowdStrike workflow

Save and run the workflow to see if everything works as expected. Based on your configuration, data should flow from Slack to CrowdStrike or vice versa. Easily debug your workflow: you can check past executions to isolate and fix the mistake. Once you've tested everything, make sure to save your workflow and activate it.

Slack and CrowdStrike integration: Test and activate your Slack and CrowdStrike workflow

Build your own CrowdStrike and Slack integration

Create custom CrowdStrike and Slack workflows by choosing triggers and actions. Nodes come with global operations and settings, as well as app-specific parameters that can be configured. You can also use the HTTP Request node to query data from any app or service with a REST API.

Supported API Endpoints for CrowdStrike

GetDeviceDetails
Retrieve device details for a specific host.
GET
/devices/entities/devices/v1
QueryDevicesByFilter
Query devices by filter.
GET
/devices/queries/devices/v1
PerformDeviceAction
Perform a device action such as 'Contain' or 'Lift Containment'.
POST
/devices/entities/devices-actions/v2
GetDeviceSnapshots
Get snapshots of device status.
GET
/devices/entities/snapshots/v1
GetDeviceDetailsById
Retrieve device details for a specific host by device ID.
GET
/devices/entities/devices/v1?ids={device_id}

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetAlerts
Retrieve a list of alerts.
GET
/alerts/queries/alerts/v1
GetAlertDetails
Retrieve details of a specific alert.
GET
/alerts/entities/alerts/v1
AcknowledgeAlert
Acknowledge a specific alert.
POST
/alerts/entities/alerts-actions/v1
UpdateAlert
Update details of a specific alert.
PATCH
/alerts/entities/alerts/v1
DeleteAlert
Delete a specific alert.
DELETE
/alerts/entities/alerts/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

QueryDetections
Retrieve detections based on provided query parameters.
GET
/detects/queries/detects/v1
GetDetectionDetails
Retrieve details for a specific detection.
GET
/detects/entities/detects/v1
UpdateDetection
Update details of a specific detection.
PATCH
/detects/entities/detects/v1
AcknowledgeDetection
Acknowledge a specific detection.
POST
/detects/entities/detects-actions/v1
DeleteDetection
Delete a specific detection.
DELETE
/detects/entities/detects/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

GetUsers
Retrieve a list of users.
GET
/users/queries/users/v1
GetUserDetails
Retrieve details of a specific user.
GET
/users/entities/users/v1
CreateUser
Create a new user.
POST
/users/entities/users/v1
UpdateUser
Update details of a specific user.
PATCH
/users/entities/users/v1
DeleteUser
Delete a specific user.
DELETE
/users/entities/users/v1

To set up CrowdStrike integration, add the HTTP Request node to your workflow canvas and authenticate it using a predefined credential type. This allows you to perform custom operations, without additional authentication setup. The HTTP Request node makes custom API calls to CrowdStrike to query the data you need using the URLs you provide.

See the example here

Take a look at the CrowdStrike official documentation to get a full list of all API endpoints

Slack supported actions

Archive
Archives a conversation
Close
Closes a direct message or multi-person direct message
Create
Initiates a public or private channel-based conversation
Get
Get information about a channel
Get Many
Get many channels in a Slack team
History
Get a conversation's history of messages and events
Invite
Invite a user to a channel
Join
Joins an existing conversation
Kick
Removes a user from a channel
Leave
Leaves a conversation
Member
List members of a conversation
Open
Opens or resumes a direct message or multi-person direct message
Rename
Renames a conversation
Replies
Get a thread of messages posted to a channel
Set Purpose
Sets the purpose for a conversation
Set Topic
Sets the topic for a conversation
Unarchive
Unarchives a conversation
Get
Get Many
Get & filters team files
Upload
Create or upload an existing file
Delete
Get Permalink
Search
Send
Send and Wait for Approval
Update
Add
Adds a reaction to a message
Get
Get the reactions of a message
Remove
Remove a reaction of a message
Add
Add a star to an item
Delete
Delete a star from an item
Get Many
Get many stars of autenticated user
Get
Get information about a user
Get Many
Get a list of many users
Get User's Profile
Get a user's profile
Get User's Status
Get online status of a user
Update User's Profile
Update a user's profile
Create
Disable
Enable
Get Many
Update

FAQs

  • Can CrowdStrike connect with Slack?

  • Can I use CrowdStrike’s API with n8n?

  • Can I use Slack’s API with n8n?

  • Is n8n secure for integrating CrowdStrike and Slack?

  • How to get started with CrowdStrike and Slack integration in n8n.io?

Need help setting up your CrowdStrike and Slack integration?

Discover our latest community's recommendations and join the discussions about CrowdStrike and Slack integration.
Nicolas N
Muhammed Iqbal P B
Nicolas N

Looking to integrate CrowdStrike and Slack in your company?

Over 3000 companies switch to n8n every single week

Why use n8n to integrate CrowdStrike with Slack

Build complex workflows, really fast

Build complex workflows, really fast

Handle branching, merging and iteration easily.
Pause your workflow to wait for external events.

Code when you need it, UI when you don't

Simple debugging

Your data is displayed alongside your settings, making edge cases easy to track down.

Use templates to get started fast

Use 1000+ workflow templates available from our core team and our community.

Reuse your work

Copy and paste, easily import and export workflows.

Implement complex processes faster with n8n

red iconyellow iconred iconyellow icon