Crowdstrike Falcon Intelligence

Crowdstrike Falcon Intelligence is a Threat Intelligence (TI) integration. TI Data Source integrations are used during investigations to improve analysis and in interactive chat to help answer questions. They are optional, but enabling more tooling integrations enhances Dropzone analysis.

Note that this is separate from the "CrowdStrike" Alert and Data Source.

The Dropzone platform supports Crowdstrike Falcon Intelligence to determine if entities such as domains, IPs, URLs, or files are malicious. Dropzone uses Pangea to get access to Crowdstrike Falcon Intelligence.

Create an API Key

Crowdstrike Falcon Intelligence requires a Pangea API to enable.

To obtain an API Key, do the following:

  • In the upper left corner of Pangea, click the menu icon

Open the Menu
  • Navigate to "File Scan"

Navigate to "File Scan"
  • Copy the default token under "Configuration Details" for use later in the Dropzone UI where it is called "Pangea API Token"

Copy API Token

Enable Crowdstrike Falcon Intelligence

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

  • In the bottom left hand corner, click Settings > Integrations

Integrations Dropdown
  • Click "Available"

Click Available
  • In the Search bar, search Crowdstrike Falcon Intelligence, then click "Configure"

The CrowdStrike Falcon Intelligence Data Tile
  • Input the Pangea API Token

  • Click "Test & Save" to finish

The Crowdstrike Falcon Intelligence Data Source Configuration

If you have any errors engage your Dropzone AI support representative.

Last updated

Was this helpful?