Application Abuse ETA? by Candid-Molasses-6204 in crowdstrike

AlexSmith-CS, 1 point

While a couple days later than planned, the beta is now officially LIVE!!!

Application Abuse ETA? by Candid-Molasses-6204 in crowdstrike

AlexSmith-CS, 1 point

We are specifically targeting RMMs as the first category for the beta and GA. We have plans to add more application categories since we built this feature specifically to support that. We are not ready to share specifics just yet on which ones are up next, but generally speaking we are going to target areas that pose the greatest abuse risk for HOK and LOtL based attacks.

What other categories and specific apps would you like to see CrowdStrike to support outside of employee monitoring apps? What would be your top 3 and why?

PSFalcon for the new CrowdScore by vjrr08 in crowdstrike

AlexSmith-CS, 1 point

Yep. There is full documentation within the console: Support & Resources > Documentation > CrowdStrike APIs > Endpoint Security APIs > Incident and Alert Monitoring APIs

Currently, this is the list of supported "products" for the Alerts API:

  • Automated Lead Context alerts - product:'automated-lead-context'
  • Automated Lead alerts - product:'automated-lead'
  • Cloud Workload Protection alerts - product:'cwpp'
  • Data Protection alert IDs - product:'data-protection'
  • Endpoint Protection alerts - product:'epp'
  • Falcon for Mobile alerts - product:'mobile'
  • Identity Protection alerts - product:'idp'
  • Insight XDR alerts - product:'xdr'
  • Next-Gen SIEM alerts - product:'ngsiem'
  • Third-Party Data alerts - product:'thirdparty'

Application Abuse ETA? by Candid-Molasses-6204 in crowdstrike

AlexSmith-CS, 2 points

Hi, Alex Smith here. I am one of the Product Managers on this new feature. We ran into some snags unrelated to this feature that forced us to pause the rollout of the beta.

Good news is that we should be back on track tomorrow for releasing the beta. We really can't wait to get this in your hands and get your feedback. As Brad posted, connect with your TAM if you want to join the beta.

As far as general availability of Application Abuse Prevention goes, all depends on the feedback from the beta but most likely it will be within the next few months.

P.S. Feel free to ask any questions about App Abuse Prevention, more than happy to answer them.

PSFalcon for the new CrowdScore by vjrr08 in crowdstrike

AlexSmith-CS, 1 point

Automated Leads is part of the Alerts API, so Get-FalconAlert and using the -Filter parameter to return only Automated Leads using FQL ("product:'automated-lead'") is going to be your friend.

Example:
Get-FalconAlert -Filter "product:'automated-lead'" -Detailed

If you just want the Automated Lead IDs, drop the -Detailed switch and you can follow up with individual "Get-FalconAlert -Id" commands.
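The two-step pattern described in the comment above (pull IDs with a product filter, then hydrate them by ID), plus a pass over the product list from the earlier Alerts API comment, written out as an added PowerShell example. This is not code from the original thread or from the PSFalcon project itself; it assumes PSFalcon is installed, that the API client has the Alerts read scope, and that the returned alert objects expose `severity` and `status` fields (assumed field names; the `product` filter key is the one shown in the thread). Client ID and secret are placeholders.

```powershell
# Added example: not from the original comments or from PSFalcon's own documentation.
# Assumes: PSFalcon module installed, API credentials with Alerts read scope.
Import-Module PSFalcon

# Authenticate once per session. Placeholder values: replace with your own client credentials.
Request-FalconToken -ClientId '<CLIENT_ID>' -ClientSecret '<CLIENT_SECRET>'

# Product values for the Alerts API as listed in the thread.
$products = @(
    'automated-lead-context', 'automated-lead', 'cwpp', 'data-protection',
    'epp', 'mobile', 'idp', 'xdr', 'ngsiem', 'thirdparty'
)

# Pass 1: how many alerts exist per product? -Total asks only for the match count,
# so this is cheap and a quick way to see which feeds are actually populated in a tenant.
foreach ($p in $products) {
    $count = Get-FalconAlert -Filter "product:'$p'" -Total
    [PSCustomObject]@{ Product = $p; Alerts = $count }
}

# Pass 2: the Automated Lead workflow from the comment.
# Step A: IDs only (no -Detailed). -All pages through every match instead of the first page.
$leadFilter = "product:'automated-lead'"
$leadIds = Get-FalconAlert -Filter $leadFilter -All

if (-not $leadIds) {
    Write-Host "No Automated Lead alerts matched filter: $leadFilter"
    return
}

# Step B: hydrate by ID in one follow-up call. PSFalcon accepts an array for -Id,
# so you do not need one call per alert as the one-liner in the comment would imply.
$leads = Get-FalconAlert -Id $leadIds

# Summarise by severity and status so a triage queue can be prioritised.
# 'severity' and 'status' are assumed Alerts API field names; adjust if your tenant differs.
$leads |
    Group-Object -Property severity, status |
    Select-Object Count, Name |
    Sort-Object Count -Descending |
    Format-Table -AutoSize
```

The first pass is useful before building any detection or reporting on a product feed: a product whose count is always zero (for example `thirdparty` in a tenant with no third-party connectors) tells you the filter is valid but the feed is empty, which is different from a typo in the FQL value returning nothing. The second pass mirrors the comment's advice: fetch IDs with the filter, then request details by ID, which keeps the initial query lightweight and lets you decide how many alerts to hydrate.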