About the integration:
Detect, prevent, and respond to cyber threats effectively by using the CrowdStrike-Freshservice integration. Ensure that your team responds to the most important alerts immediately by using alert rules to convert them into incidents.
Configuration in Freshservice:
Step 1:
Head to the Admin panel, scroll to IT Operations Management and select Monitoring Tools.
Step 2:
You are now on the Monitoring Tools list page. Select Add monitoring tool to add a new integration.
Step 3:
You will see a list of pre-configured integrations, the gateway to custom integration using webhooks, and the option to use email as a channel for alerts. Select Crowdstrike.
Step 4:
A URL and auth-Key will be generated. You will need these to set up the integration in CrowdStrike.
Configuration in CrowdStrike:
- Log into your CrowdStrike account.
- Go to CrowdStrike store > All Apps.
- Select the CrowdStrike Webhook plugin.
- Click on Configure.
- Click on Add Configuration.
- Configure the following details:
  - Provide a name to the configuration.
  - Paste the "Auth query param" generated in Step 4 of the Freshservice configuration in the Webhook URL field. The HMAC Secret Key field is not required for this integration to work. Please fill this field using any dummy value of 32 characters.
  - Check Notify on the configuration failure option.
  - Click on Save configuration.
- Go to Host setup & management > Fusion workflows.
- Click on Create workflow. You can create a workflow from scratch or create a workflow using a playbook.
- Add the conditions based on which you want to trigger an alert.
- Add an action node. In the action node configure the following:
  - Select action type as "Notifications"
  - Set action as "Call to webhook"
  - Choose the webhook name you saved as part of Step 6 of CrowdStrike configuration.
  - In the data to include section, include the following parameters:
    - Workflow name
    - Sensor domains
    - Host groups
    - Status
    - Sensor hostname
    - Local IP
    - Severity
    - User ID
    - File Path
    - IOC Value
    - Sensor ID
    - User Name
    - Description
    - External IP
    - Action Taken
    - Bios Version
    - Detection ID
    - Product Type
    - Workflow execution timestamp
    - System product
    - Trigger Name
    - Trigger Category
- Save the workflow.
Now you should be able to receive an alert in Freshservice every time the alert condition is satisfied in CrowdStrike.