Goal
Detect when CrowdStrike raises an alert.
Strategy
CrowdStrike provides a centralized platform for monitoring and managing security-related notifications, alerts, and actions across endpoints and cloud workloads. This rule uses the third-party detection method to match the following CrowdStrike event types (on the `@evt.type` attribute):
- DetectionSummaryEvent
- FirewallMatchEvent
- IdentityProtectionEvent
- IdpDetectionSummaryEvent
- IncidentSummaryEvent
- EppDetectionSummaryEvent
Triage and response
- Investigate the CrowdStrike alert to determine whether it is malicious or benign.
- If the alert is benign, consider adding the user, host, or IP address to a suppression list. See Best practices for creating detection rules with Datadog Cloud SIEM for more information.
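To make the matching and triage described above concrete, here is an added example that re-implements the logic locally in Python and runs it over a few constructed CrowdStrike-style events. It is not the Datadog rule itself and does not call the Datadog API. The event-type list and the `@evt.type` attribute come from this page; everything else is an assumption: the events are modelled as nested JSON (`evt.type`), the severity field names (`severity`, `Severity`, `severityName`, `SeverityName`) and the numeric 1..5 severity scale are guesses at the variations a rule has to tolerate, and the `UserName`, `ComputerName` and `LocalIP` fields used for the suppression list are placeholders.

```python
"""Added example: local re-implementation of the CrowdStrike alert matching
and suppression logic described on this page. Not Datadog's rule; field names
other than @evt.type and the severity conventions are assumptions."""
import json

# Event types the page lists as triggering the rule.
CROWDSTRIKE_ALERT_TYPES = {
    "DetectionSummaryEvent",
    "FirewallMatchEvent",
    "IdentityProtectionEvent",
    "IdpDetectionSummaryEvent",
    "IncidentSummaryEvent",
    "EppDetectionSummaryEvent",
}

# Assumed severity field spellings. Severity arrives both as a number and as
# a name with varying capitalisation, so the rule must match case-insensitively.
SEVERITY_FIELDS = ("severity", "Severity", "severityName", "SeverityName")

# Assumed 1..5 numeric scale -> name mapping.
NUMERIC_SEVERITY = {1: "informational", 2: "low", 3: "medium", 4: "high", 5: "critical"}

# Constructed suppression list: entities already triaged as benign.
SUPPRESSION = {
    "user": {"svc-backup"},
    "host": {"build-agent-07"},
    "ip": {"10.0.0.5"},
}

# Constructed sample events (newline-delimited JSON), not real CrowdStrike data.
SAMPLE_EVENTS = [
    '{"evt": {"type": "DetectionSummaryEvent"}, "Severity": 4, "ComputerName": "ws-finance-12", "UserName": "alice", "LocalIP": "10.1.4.23"}',
    '{"evt": {"type": "EppDetectionSummaryEvent"}, "SeverityName": "High", "ComputerName": "ws-hr-03", "UserName": "bob"}',
    '{"evt": {"type": "IncidentSummaryEvent"}, "severity": "CRITICAL", "ComputerName": "build-agent-07", "UserName": "svc-ci"}',
    '{"evt": {"type": "FirewallMatchEvent"}, "Severity": "Low", "ComputerName": "ws-dev-09", "LocalIP": "10.0.0.5"}',
    '{"evt": {"type": "UserActivityAuditEvent"}, "UserName": "admin"}',
]


def normalize_severity(event):
    """Return a lowercase severity name, or 'unknown' if no field is present.

    The first assumed severity field found wins; integers go through the
    assumed numeric scale, strings are trimmed and lowercased.
    """
    for name in SEVERITY_FIELDS:
        value = event.get(name)
        if value is None:
            continue
        if isinstance(value, int) and not isinstance(value, bool):
            return NUMERIC_SEVERITY.get(value, "unknown")
        return str(value).strip().lower() or "unknown"
    return "unknown"


def is_suppressed(event, suppression=SUPPRESSION):
    """True if the event's user, host or IP is on the suppression list."""
    return (
        event.get("UserName") in suppression["user"]
        or event.get("ComputerName") in suppression["host"]
        or event.get("LocalIP") in suppression["ip"]
    )


def evaluate(raw_lines, suppression=SUPPRESSION):
    """Run the rule over JSON lines. Returns (alerts, dropped).

    alerts:  list of dicts for events that should raise a signal.
    dropped: list of (event_type, reason) for events that did not.
    """
    alerts, dropped = [], []
    for line in raw_lines:
        event = json.loads(line)
        event_type = event.get("evt", {}).get("type")  # @evt.type
        if event_type not in CROWDSTRIKE_ALERT_TYPES:
            dropped.append((event_type, "not an alert event"))
            continue
        if is_suppressed(event, suppression):
            dropped.append((event_type, "suppressed"))
            continue
        alerts.append({
            "type": event_type,
            "severity": normalize_severity(event),
            "host": event.get("ComputerName"),
            "user": event.get("UserName"),
        })
    return alerts, dropped


if __name__ == "__main__":
    found, skipped = evaluate(SAMPLE_EVENTS)
    for alert in found:
        print("ALERT", alert)
    for event_type, reason in skipped:
        print("SKIP ", event_type, reason)
```

Running it on the constructed sample raises two signals (the `DetectionSummaryEvent` with numeric severity 4 and the `EppDetectionSummaryEvent` with `SeverityName: "High"` both normalise to `high`), drops the `IncidentSummaryEvent` and `FirewallMatchEvent` because their host and IP are on the suppression list, and ignores the audit event because its type is not in the list. The point of the severity normalisation is the one the changelog hints at: a rule that only matched one spelling would silently miss events whose severity field is capitalised differently.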
Changelog
30 June 2025 - Updated rule to include an additional query for @evt.type:EppDetectionSummaryEvent.
15 July 2025 - Updated rule to include additional capitalized severity fields.