About the integration:

Detect, prevent, and respond to cyber threats effectively by using the CrowdStrike-Freshservice integration. Ensure that your team responds to the most important alerts immediately by converting them into incidents using alert rules.

Configuration in Freshservice:

Step 1:

Head to the Admin panel, scroll to IT Operations Management and select Monitoring Tools.

Step 2:

You are now on the Monitoring Tools list page. Select Add monitoring tool to add a new integration.

Step 3:

You will see a list of pre-configured integrations, the gateway to custom integration using webhooks, and the option to use email as a channel for alerts. Select Crowdstrike.

Step 4:

A URL and auth-Key will be generated. You will need both to set up the integration in Crowdstrike.

Configuration in Crowdstrike:

  1. Log into your CrowdStrike account.
  2. Go to CrowdStrike store > All Apps.
  3. Select the CrowdStrike Webhook plugin.
  4. Click on Configure.
  5. Click on Add Configuration.
  6. Configure the following details:
    1. Provide a name to the configuration.
    2. Paste the "Auth query param" generated in Step 4 of the Freshservice configuration into the Webhook URL field. The HMAC Secret Key field is not required for this integration to work; fill it with any dummy value of 32 characters.
    3. Check Notify on the configuration failure option.
  7. Click on Save configuration.
  8. Go to Host setup & management > Fusion workflows.
  9. Click on Create workflow. You can create a workflow from scratch or create a workflow using a playbook.
  10. Add the conditions based on which you want to trigger an alert.
  11. Add an action node. In the action node configure the following:
    1. Select action type as "Notifications".
    2. Set action as "Call to webhook".
    3. Choose the webhook name you saved as part of Step 6 of Crowdstrike configuration.
    4. In the data to include section, include the following parameters:
      Workflow name
      Sensor domains
      Host groups
      Sensor hostname
      Local IP
      User ID
      File Path
      IOC Value
      Sensor ID
      User Name
      External IP
      Action Taken
      Bios Version
      Detection ID
      Product Type
      Workflow execution timestamp
      System product
      Trigger Name
      Trigger Category

  12. Save the workflow.

You should now receive an alert in Freshservice every time the alert condition is satisfied in CrowdStrike.