Setup time: 5 Min

Integrate Crowdstrike Falcon with All Quiet in a matter of minutes. With webhooks, you can automatically send alerts from CrowdStrike Falcon directly to All Quiet, streamlining your team’s incident management process.

1. Create CrowdStrike Integration on All Quiet

Sign in to your All Quiet account.

Create Integration

  1. Click on the Integrations > Inbound tab.
  2. Click Create New Integration.

Select CrowdStrike as the integration’s type

  1. Enter a display name for your integration, e.g. CrowdStrike Falcon.
  2. Select a team.
  3. Select CrowdStrike as the integration’s type.
  4. Click Create Inbound Integration.

Get the All Quiet Webhook URL

After creating the integration on All Quiet

  1. you can view and copy the webhook URL. You will require this URL in step 2 when configuring the custom integration on CrowdStrike.

2. Configure the integration with CrowdStrike

Once you’ve set up an integration of type “CrowdStrike” with All Quiet, it takes only three more steps in your CrowdStrike account to finish off your setup.

Set up the Webhook to All Quiet

Sign in to your CrowdStrike Account. We first need to create the Webhook

  1. From the home screen, open the side navigation and select CrowdStrike Store
  2. Select All apps
  1. In the store, search for `Webhook“
  2. Select the CrowdStrike Webhook
  1. Click Configure
  2. Select Add configuration
  1. Select a name for you Webhook, like All Quiet
  2. As Webhook URL, paste in the All Quiet Webhook URL you’ve obtained in step Get the All Quiet Webhook URL.
  3. Remove the HMAC Secret Keys
  4. Remove the Signature Header Name
  5. Save the Webhook.
You’ve successfully created the Webhook. Next, we need to set up a workflow to create All Quiet incidents from CrowdStrike, using the Webhook.

Set up Workflow for Incident Creation

Now, we need to set up a workflow to create All Quiet incidents from CrowdStrike alerts.

  1. In the sidebar navigation, select `Fusion SOAR“
  2. Open Workflows

In the workflows overview, select Create workflow

  1. Select Create workflow from scratch
  2. Click Next

Define the trigger. To select a trigger that creates new incidents,

  1. open the Endpoint security section
  2. and select Alert. This selection differs from the worflow we will create later to update incidents that already got created
  1. After selecting Alert click Next.
  1. Now, we need to add an Action to the triggering alert.
  2. Select the CrowdStrike section.
  3. Select Call webhook.

Now, we need to configure the Call webhook action.

  1. As Webhook, select the All Quiet Webhook we configured in the previous step.
  2. For Data format, select Default.
  3. As Data to include, select all Alert objects from the dropdown and add them.
  4. Click Next.

We’re almost done with this step. Time to Save and exit the workflow.

To save and exit,

  1. Give your worflow a name, like All Quiet Create Incident
  2. Don’t forget to activate it.
  3. Confirm.
You’re now able to create All Quiet incidents from CrowdStrike. In order to being able to update - e.g resolve - them from CrowdStrike, we need to add an extra, pretty similar workflow in the next step.

Set up Workflow for Incident Updates

Add an extra Workflow.

  1. This time, select Audit event > Alert as trigger, as we want to listen to updates for existing incidents.
  1. As we want to listen to all kinds for updates, select All as type and continue.

After setting up the trigger, add the similar action with the same settings as in the previous step when defining the workflow to create incidents. This ensures incident updates are sent to All Quiet via the same webhook.

When saving the workflow

  1. Make sure to add a suitable name, like All Quiet - Update Incident.
  2. Activate the workflow.
  3. And click Save and exit to confirm.
You’re ready to go. If you set up your integration this way, CrowdStrike alerts will automatically create and update All Quiet incidents.

Adjust Payload Mapping

Looking to customize the fields of your incidents by adjusting the pre-built payload mapping? Simply head over to the “Payload” tab within your integration and make the necessary edits to the mapping. For detailed guidance, you may check out our payload mapping documentation.

Using our Terraform provider? Download the default mapping of the allquiet_integration_mapping resource for the CrowdStrike integration. Simply copy the syntax to your .tf file and tailor the resource to your team’s needs!