Integration Name | Description |
---|---|
Amazon Built In | Use Amazon Built-In to register the AWS Organization or Control Tower with CrowdStrike Cloud Security. |
AWS CloudFormation or Terraform | Use CloudFormation or Terraform templates to register the AWS Organization with CrowdStrike Cloud Security. |
Integration Name | Description |
---|---|
AWS CloudTrail Lake with CrowdStrike | Leverage the CrowdStrike Falcon Streaming API to log and store user activity data from the Falcon console in a seamless and efficient way with AWS CloudTrail Lake. |
AWS Network Firewall with CrowdStrike Threat Intelligence | Build capabilities such as automated blocking of malicious domains (via AWS Network Firewall) based on CrowdStrike detection alerts, or perform threat hunting derived from CrowdStrike domain-based Indicators of Activity (IOAs). |
AWS PrivateLink with CrowdStrike Sensor Proxy | Leverage AWS PrivateLink to provide private connectivity between your CrowdStrike-protected workloads and the CrowdStrike cloud. |
AWS Security Hub with CrowdStrike Event Streams API | The Falcon Integration Gateway publishes detections identified by CrowdStrike Falcon for instances residing within Amazon Web Services (AWS) to AWS Security Hub. |
Amazon S3 Protected Bucket with CrowdStrike Quick Scan API | S3 Bucket Protection secures your Amazon S3 buckets by scanning files as they are uploaded using the CrowdStrike Quick Scan API. |
AWS Verified Access with CrowdStrike Zero Trust Assessment (ZTA) | Using CrowdStrike ZTA, we provide customers the ability to assess their endpoint security posture, allowing AWS Verified Access to provide conditional access to private applications that comply to your organization's device posture policies. |
Amazon Security Lake with CrowdStrike Falcon Data Replicator (FDR) | Transforms your CrowdStrike FDR data into OCSF (Open Cybersecurity Schema Framework) and ingests it into your Amazon Security Lake for centralized management of your security-related logs. |
Integration Name | Description |
---|---|
AWS Autoscale Groups for Auto Register/Deregister | Utilize AWS Autoscale Groups to install the CrowdStrike Falcon Sensor during virtual machine initialization, and AWS Autoscale Lifecycle hooks to deregister the instance with CrowdStrike upon virtual machine termination. |
AWS EventBridge and AWS State Manager | Leverage AWS EventBridge and AWS Systems Manager State Manager to manage the deployment of the Falcon Agent and the removal of stale sensors. |
AWS Systems Manager Parameter Store with PowerShell Sensor Installation Script | Sample automation which leverages AWS Systems Manager Parameter Store to store CrowdStrike API credentials. These credentials are passed into a Microsoft PowerShell script to bootstrap the CrowdStrike Falcon Sensor for Windows during a Windows virtual machine's first boot process. |
AWS Systems Manager with Linux BASH Sensor Installation Script | POSIX script that will install CrowdStrike sensor. The script is current tailored to the use within AWS Systems Manager, but can be used outside the Systems Manager. |
AWS Terraform Template for Sensor Installation | Sample AWS Terraform template that builds a test VPC, creates an Ubuntu-based web server, and automatically installs the CrowdStrike Falcon sensor into the virtual machine. |
Integration Name | Description |
---|---|
EC2 Isolation Webhook | Isolate a potentially compromised EC2 instance through an API endpoint while it's undergoing an incident response investigation. |
Name | Description |
---|---|
Container Runtime Protection | Guides to deploying CrowdStrike Falcon on containers and Kubernetes centric AWS services |