FortiSOAR Discussions
SWATHI_KV
New Contributor

"prevent" action with Crowdstrike connector

Has anyone tried to upload an IOC into the CrowdStrike console with the policy set to "prevent"?
I am getting an error when I do this: "inavalid policy".
But the CrowdStrike doc says "prevent" is supported.

Regards,
Swathi
Christopher_Ichelson
New Contributor II

Reach out to CrowdStrike Support. A lot of times they have to enable the specific functions in the API to work. Also, what version of CrowdStrike are you running? We also run CrowdStrike for some of our customers.

 

Is your connector connecting at all?

 

--

Chris Ichelson

360 SOC, an HTG 360 Inc. Company
Prerna
Staff

Hello Swathi,
The FortiSOAR CrowdStrike connector uses the https://api.crowdstrike.com/indicators/entities/iocs/v1 endpoint to upload/create the custom IOCs.
AFAIK, this endpoint currently supports only two values for policy, i.e.:
> detect: Enable detections for this custom IOC
> none: Disable detections for this custom IOC
CrowdStrike mentioned the supported policy types at https://developer.crowdstrike.com/crowdstrike/docs/custom-ioc-api

It would be good if you could share the FortiSOAR connector version that you are testing. Also, let me know if there is any new CrowdStrike API document.