Cisco Security and CrowdStrike

How CrowdStrike and Cisco Security work together

The CrowdXDR Alliance, of which Cisco Security is a proud member, brings together industry-leading security and IT solutions in a technology ecosystem that enables unified, threat-centric detection and response across an organization’s entire security and technology environment.

CrowdStrike secures the most critical areas of enterprise risk – endpoints and cloud workloads, identity, and data – to keep customers ahead of today’s adversaries and stop breaches. Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon Platform leverages real-time indicators of attack, threat intelligence on evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities – all through a single, lightweight agent. Together, CrowdStrike and Cisco help protect organizations through valuable integrations connecting processes, tools and teams.

Product Integrations

Cisco XDR: The CrowdStrike integration lets CrowdStrike users leverage Cisco XDR's threat hunting and investigation features, as well as rapid response actions, to understand and defend against threats on the endpoint. It also provides important device inventory context to help triage detected threats.

Use the CrowdStrike integration to query for security detections involving many different observables, including file, network, email, host, and process identifiers. You can also add MD5 and SHA-256 file hashes, IPv4 and IPv6 addresses, and domain names to blocklists, and isolate specific hosts from the network. This integration can also provide host and vulnerability information to Cisco XDR for triaging detections and incidents.

Note: This integration requires the Cisco XDR Advantage or XDR Premier licensing tier.

Secure ASA: CrowdStrike Falcon Insight XDR ingests cross-domain telemetry from Cisco Adaptive Security Appliance (ASA) to enable unified, threat-centric detection across an organization’s infrastructure.

Secure Email: CrowdStrike Falcon Insight XDR ingests telemetry from Cisco Secure Email Gateway.
