The CrowdStrike Demo Falcon Integration Gateway for GCP
Project description
falcon-integration-gateway 
Falcon Integration Gateway (FIG) forwards threat detection findings from CrowdStrike Falcon platform to the backend of your choice.
Detection findings generated by CrowdStrike Falcon platform inform you about suspicious files and behaviors in your environment. You will see detections on a range of activities from the presence of a bad file (indicator of compromise (IOC)) to a nuanced collection of suspicious behaviors (indicator of attack (IOA)) occurring on one of your hosts or containers. You can learn more about the individual detections in Falcon documentation.
This project facilitates the export of the individual detections from CrowdStrike Falcon to third-party security dashboards (so called backends). The export is useful in cases where security operation team workflows are tied to given third-party solution to get early real-time heads-up about malicious activities detected by CrowdStrike Falcon platform.
Currently available backends are:
| Backend | Description | Deployment Guide(s) | Developer Guide(s) |
|---|---|---|---|
| AWS | Pushes events to AWS Security Hub | Coming Soon | AWS backend |
| Azure | Pushes events to Azure Log Analytics | Azure backend | |
| Chronicle | Pushes events to Google Chronicle |
|
Chronicle backend |
| GCP | Pushes events to GCP Security Command Center |
|
GCP backend |
| Workspace ONE | Pushes events to VMware Workspace ONE Intelligence | Coming Soon | Workspace ONE backend |
Deployment
There are 3 options available for the deployment.
Installation to kubernetes using the existing deployment guides
Please refer to various deployment guides to the above table.
Installation to kubernetes using the helm chart
Please refer to helm chart documentation
Manual Installation and Removal
Falcon Integration Gateway (FIG) is available on the Python Package Index.
Installation
FIG can be installed with a single command.
python3 -m pip install falcon-integration-gateway
or
pip3 install falcon-integration-gateway
Upgrades
Upgrading to the latest release is also straightforward.
python3 -m pip install falcon-integration-gateway --upgrade
or
pip3 install falcon-integration-gateway --upgrade
Removal
To remove Falcon Integration Gateway, execute the following command.
python3 -m pip uninstall falcon-integration-gateway
or
pip3 uninstall falcon-integration-gateway
Statement of Support
Falcon Integration Gateway (FIG) is an open source project, not CrowdStrike product. As such it carries no formal support, expressed or implied.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for falcon-integration-gateway-3.1.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 3c40e03d089fc17d9335e85b83fdebb33676795b7226060720bcdd983cd51893 |
|
| MD5 | d74c84f1b2c43ae3ad98a01b14419edc |
|
| BLAKE2b-256 | b2ce86f2eab19fc0c32ca032f97d4560869aec521b0ef9a35a2742bed09b3156 |
Hashes for falcon_integration_gateway-3.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a06fab53d1d8e222252b3f248c7dd83be5b67d7a00f195b3916028b0651a8201 |
|
| MD5 | 8ee4a6fb41b8562f3b3cfaf47e15c7b1 |
|
| BLAKE2b-256 | d80f607aecd048ba7c697fe81b008fa3a443da72d317e6ff3c971649eeedd7dc |
