Falcon Integration Gateway (FIG) forwards threat detection findings from CrowdStrike Falcon platform to the backend of your choice.
Detection findings generated by CrowdStrike Falcon platform inform you about suspicious files and behaviors in your environment. You will see detections on a range of activities from the presence of a bad file (indicator of compromise (IOC)) to a nuanced collection of suspicious behaviors (indicator of attack (IOA)) occurring on one of your hosts or containers. You can learn more about the individual detections in Falcon documentation.
This project facilitates the export of the individual detections from CrowdStrike Falcon to third-party security dashboards (so called backends). The export is useful in cases where security operation team workflows are tied to given third-party solution to get early real-time heads-up about malicious activities detected by CrowdStrike Falcon platform.
Currently available backends are:
| Backend | Description | Deployment Guide(s) | Developer Guide(s) |
|---|---|---|---|
| AWS | Pushes events to AWS Security Hub | Coming Soon | AWS backend |
| Azure | Pushes events to Azure Log Analytics | Azure backend | |
| Chronicle | Pushes events to Google Chronicle |
|
Chronicle backend |
| GCP | Pushes events to GCP Security Command Center |
|
GCP backend |
| GCP | Pushes events to GCP Security Command Center |
|
GCP backend |
| Workspace ONE | Pushes events to VMware Workspace ONE Intelligence | Coming Soon | Workspace ONE backend |
Falcon Integration Gateway (FIG) is an open source project, not CrowdStrike product. As such it carries no formal support, expressed or implied.