Extend Threat Visibility With Humio's Integration With CrowdStrike's Indicators of Compromise (IOCs)

Learn how Humio's integration with CrowdStrike's IOC database and threat feed helps customers secure their infrastructure using logs

December 07, 2021

| | Next-Gen SIEM & Log Management
This blog was originally published Oct. 1, 2021 on humio.com. Humio is a CrowdStrike Company.

What is an indicator of compromise (IOC)?

An indicator of compromise (IOC) is a piece of digital forensics that suggests that an endpoint or network may have been breached. The ability to monitor for indicators of compromise is critical to a comprehensive cybersecurity strategy, bringing improved detection accuracy and speed, along with faster remediation times. Pairing CrowdStrike's database of thousands of IOCs with Humio's comprehensive

 

log management

 

solution provides the visibility and context needed to identify the root cause of a breach and more efficiently manage and mitigate threats.

What is the Humio integration with CrowdStrike's indicators of compromise?

The Humio integration with CrowdStrike's indicators of compromise (IOCs) keeps an updated database of IOCs and runs customer logs against them, notifying customers if there are any matches. The integration

 

is free to new and existing Humio customers for all paid versions of Humio

 

and delivers observability of malicious data, including domain names, URLs and IP addresses. By combining all the logs in Humio with CrowdStrike’s comprehensive IOCs, customers in DevOps, ITOps and SecOps teams can increase their speed in identifying and stopping breaches.

How does the integration work?

The IOC database is exposed as a query function (https://docs.humio.com/reference/query-functions/functions/ioc-lookup/) that adds the metadata from the IOCs to logs in Humio via a query or parser. The database is updated hourly for as long as the customer has a valid subscription. The updates are communicated as "updates to the IOC database" and details about the updates appear a customer’s license page.

What are the benefits of the IOC integration?

When a system is under attack or breached, logs are invaluable for understanding where the vulnerability is coming from, whether it’s a flaw in the product or infrastructure. However, most DevOps, ITOps and SecOps teams don’t store all their logs because it’s too costly. Humio enables customers to log everything in real time and at scale. By combining all the logs in Humio with CrowdStrike’s industry-leading IOC database, this integration enables organizations to protect their systems while lowering total cost of ownership and accelerating root cause analysis, exposing potential flaws or threats in customers' products and environments.

How do I access the integration?

This integration is available and automatically included for all paid version of Humio. To get started with IOCs and see some sample dashboards and searches using the IOC Lookup feature, check out the IOC package from the Humio Marketplace (accessible from within the Humio product; select Settings, Packages and then Marketplace.) Together, Humio and CrowdStrike are helping customers protect their systems and turn their log data into meaningful, contextual insights.

Additional resources:
Breaches Stop Here
Related Content
Falcon Foundry: Build Custom Apps to Solve Tough Security Challenges
Falcon Foundry: Build Custom Apps to Solve Tough Security Challenges
Top FAQs about CrowdStrike Falcon Next-Gen SIEM
Top FAQs about CrowdStrike Falcon Next-Gen SIEM
Detecting Microsoft Entra ID Primary Refresh Token Abuse with Falcon Next-Gen SIEM
Detecting Microsoft Entra ID Primary Refresh Token Abuse with Falcon Next-Gen SIEM