Since the inception of the CrowdStrike Falcon® platform, an API-first approach has always been a key strategy for providing customers with a robust solution that can easily integrate into any existing technology ecosystem. In addition to leveraging APIs directly, a number of native integrations have been made available to joint customers. These plug-and-play integrations allow for immediate value, without the investment of time and resources for development and maintenance. Today, CrowdStrike® is pleased to announce the release of two new integration apps available on the ServiceNow store. ServiceNow is a leading provider of IT Service Management solutions and offers a wide variety of products that many CrowdStrike Falcon® customers use.
The two integrations allow for consumption of security alerts from the CrowdStrike Falcon® platform into ServiceNow. Customers using only the ServiceNow ITSM Incident Management module simply need to install the “CrowdStrike Falcon® Endpoint” app available on the ServiceNow store site. For customers that are leveraging the added functionality of ServiceNow’s Security Operations module, installing the extension app “CrowdStrike Falcon® Endpoint For Security Operations” in addition to the base app will allow for the creation of ServiceNow security incidents as well.
If you’re a user of the Security Operations module, there are also two additional plugins made available directly within ServiceNow that provide valuable integration with CrowdStrike:
- CrowdStrike Falcon® Intelligence integration — This plugin provides enrichment data for security incidents and associated observables and also allows for intelligence lookup workflows.
- CrowdStrike Falcon® Host Integration — This plugin allows you to add observables from a security incident into a watchlist. It uploads the IOCs in question to the Falcon platform for ongoing monitoring, and if any activity related to these indicators is identified, a new alert is triggered.
- Centralized workflow and tracking of security incidents
- Increased context provided by correlation with attributes from CMDB and other open incident records
- Improved capabilities for incident prioritization and notification