Falcon Foundry: Build Custom Apps to Solve Tough Security Challenges

Create custom apps for unrivaled protection with CrowdStrike Falcon® Foundry, cybersecurity’s first low-code application platform.

Not all security operations centers (SOCs) are equal. They have teams of different sizes, with varying skill levels, protecting a wide range of industries around the world. However, they have a few things in common: for one, they face many of the same threats, and many SOC teams struggle with the complexity of managing several disparate tools to detect and disrupt them.

As the cybersecurity industry matures, SOC teams have more options to consolidate the security tools they use. By bringing more capabilities into a unified platform, they gain the visibility and flexibility they need to tackle critical challenges and defend against adversaries.

CrowdStrike Falcon Foundry, cybersecurity’s first low-code application platform (LCAP), empowers teams to build custom applications that address their unique security and IT challenges and customize their protection through the CrowdStrike Falcon platform. It advances the consolidation journey by enabling organizations to achieve greater efficiency, lower the cost of ownership and improve security outcomes.

Extend the Power of the Falcon Platform with Custom Apps

Falcon Foundry is now generally available, empowering security analysts and engineers to build custom applications that extend the functionality of the CrowdStrike Falcon® platform, using CrowdStrike’s high-fidelity data and cloud-native infrastructure.

Figure 1. Falcon Foundry’s intuitive, visual builder allows app developers to choose the optimal building blocks for their application.

Security teams can easily build custom applications with a unified homepage experience, intuitive visual builder and access to modern low-code and no-code tools. This builder guides them through the building blocks necessary to develop an application before it is released and installed. A new learn page allows app developers to easily access guided documentation and step-by-step tutorials. 

Some of the applications that can be built with Falcon Foundry include:

  • Productivity Apps: These applications extend the Falcon platform and its modules to enhance teams’ productivity and bring critical information where it’s needed, typically to a small number of users within the security team. For example, this could be a UI extension of an existing Falcon platform page that presents enrichments and context from a third-party vendor. 
  • Transformational Apps: These more complex applications deliver higher business value with new functionality and are designed for use by the broader security team and across departments. They typically include a data model, user interface, workflow automation and role-based access control.
  • Custom Actions: Falcon Foundry powers the configuration of API integrations, which enables it to connect and import actions from cloud-based, third-party tools. This functionality can be used to create data connectors and workflow templates to accelerate a CrowdStrike Falcon® Next-Gen SIEM deployment.

Additionally, Falcon Foundry provides customizable out-of-the-box templates, created by CrowdStrike and select technology partners, to accelerate app creation. Partner-created app templates benefit from seamless technology integration to deploy common security use cases and maximize the existing technology ecosystem.

Innovative Capabilities in Falcon Foundry

With its general availability, Falcon Foundry is introducing new capabilities that empower security teams to build applications on their terms. These new capabilities include:

  • Custom Workflow Automation Actions: Deploy new custom CrowdStrike Falcon® Fusion SOAR integration templates for third-party IT and security products. Falcon Foundry can now extend the scope of workflow automation to create new third-party response actions, dramatically accelerating response.
  • Share Applications with the Crowd: Share applications across the community with new export and import capabilities that help customers rapidly adopt new innovations or customize them for their own environments.
  • Advanced Visual Response Script Builder: Transform the creation of advanced Falcon Real Time Response (RTR) scripts with an intuitive visual builder, which can accelerate and scale the ability to take direct action on endpoints to mitigate threats or get instant forensics with custom scripts. 

 

Figure 2. Define the logic of your application with no-code and low-code modern development tools such as Falcon Fusion SOAR, Falcon Real Time Response and FaaS functions.

  • Multiple API Integrations per App: Enable enrichment use cases by enhancing CrowdStrike data with inputs from third-party vendors and proprietary operational data, available via multiple API integrations within one app.
  • Complete Application Management: Falcon Foundry has new advanced application dependency management capabilities. These ensure no app, artifact or integration can be deleted or uninstalled if it would result in breaking changes, and they provide detailed context on app deployment issues. This feature aids in maintaining app stability by helping to quickly resolve dependencies or deployment errors and prevent downstream issues.

Figure 3. Falcon Foundry allows you to easily edit and troubleshoot the different application components to successfully release and install an application.

  • App Deployment Version Preview: Assess the UI experience of your apps before going live with the new preview mode for app deployments. This feature enhances the development process by allowing a direct, interactive preview of dashboards, UI extensions, pages and navigation, ensuring each deployment is fine-tuned to deliver the best outcome possible.
  • Zscaler App Template: CrowdStrike partnered with Zscaler to deliver our first partner-created app template, which enables mutual customers to enhance their perimeter security through advanced monitoring and threat detection. The API-based integration leverages custom actions from Zscaler Cloud Service API and workflow automation from Falcon Fusion SOAR to create a continuous feedback loop and coordinated response mechanism to achieve more effective inline blocking.

Unify Your Security Efforts with CrowdStrike

As SOC teams struggle with growing technology sprawl, the need for security consolidation has become crucial. CrowdStrike’s roadmap to deliver the AI-native SOC empowers teams to achieve this consolidation on the industry-leading Falcon platform. With Falcon Foundry, SOC teams now have the ability to customize and maximize their CrowdStrike deployment with applications they develop to meet their unique challenges.
