The CrowdStrike Demo Falcon Integration Gateway for GCP
Project description
falcon-integration-gateway 
Falcon Integration Gateway (FIG) forwards threat detection findings and audit events from the CrowdStrike Falcon platform to the backend of your choice.
Detection findings and audit events generated by CrowdStrike Falcon platform inform you about suspicious files and behaviors in your environment. You will see detections on a range of activities from the presence of a bad file (indicator of compromise (IOC)) to a nuanced collection of suspicious behaviors (indicator of attack (IOA)) occurring on one of your hosts or containers. You can learn more about the individual detections in Falcon documentation.
This project facilitates the export of the individual detections and audit events from CrowdStrike Falcon to third-party security dashboards (so called backends). The export is useful in cases where security operation team workflows are tied to given third-party solution to get early real-time heads-up about malicious activities or unusual user activities detected by CrowdStrike Falcon platform.
Backends w/ Available Deployment Guide(s)
| Backend | Description | Deployment Guide(s) | Developer Guide(s) |
|---|---|---|---|
| AWS | Pushes events to AWS Security Hub | Coming Soon | AWS backend |
| AWS_SQS | Pushes events to AWS SQS | Coming Soon | AWS SQS backend |
| Azure | Pushes events to Azure Log Analytics | Azure backend | |
| Chronicle | Pushes events to Google Chronicle |
|
Chronicle backend |
| GCP | Pushes events to GCP Security Command Center |
|
GCP backend |
| Workspace ONE | Pushes events to VMware Workspace ONE Intelligence | Coming Soon | Workspace ONE backend |
Alternative Deployment Options
:exclamation: Prior to any deployment, ensure you refer to the configuration options available to the application :exclamation:
Installation to Kubernetes using the helm chart
Please refer to the FIG helm chart documentation for detailed instructions on deploying the FIG via helm chart for your respective backend(s).
Manual Installation and Removal
With Docker/Podman
To install as a container:
- Pull the image
docker pull quay.io/crowdstrike/falcon-integration-gateway:latest
- Run the application in the background passing in your backend CONFIG options
docker run -d --rm \ -e FALCON_CLIENT_ID="$FALCON_CLIENT_ID" \ -e FALCON_CLIENT_SECRET="$FALCON_CLIENT_SECRET" \ -e FALCON_CLOUD_REGION="us-1" \ -e FIG_BACKENDS=<BACKEND> \ -e CONFIG_OPTION=CONFIG_OPTION_VALUE \ quay.io/crowdstrike/falcon-integration-gateway:latest
- Confirm deployment
docker logs <container>
From Git Repository
-
Clone the repository
git clone https://github.com/CrowdStrike/falcon-integration-gateway.git
-
Modify the
./config/config.inifile with your backend options -
Run the application
python3 -m fig
Developers Guide
Statement of Support
Falcon Integration Gateway (FIG) is an open source project, not CrowdStrike product. As such it carries no formal support, expressed or implied.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for falcon-integration-gateway-3.1.3.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 742f2d289b811d309802ae959ee438ba47071b51a8d3098bfcb6abdebda152dc |
|
| MD5 | 8692f2202ee1e650de6537da2ef70144 |
|
| BLAKE2b-256 | 47567b6fea68b8c2a9a08ad0f2c2f62b47dd642bff78c0d17187bf43ed4aa393 |
Hashes for falcon_integration_gateway-3.1.3-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e51d635aff105000bfb1d43f438bf9a219812eb4c794559072cd474e201884ab |
|
| MD5 | ed0519669116ad889efe321b62879751 |
|
| BLAKE2b-256 | bde5e6ad4bc654bad5ca5ec0f08cd7ca0417f382f4517b565d5e9fb134d5c594 |
