Connect CrowdStrike Falcon with All Quiet
Integrations > Inbound tab.
Create New Integration.
CrowdStrike Falcon.
CrowdStrike as the integration’s type.
Create Inbound Integration.
CrowdStrike Store
All apps
CrowdStrike Webhook
Configure
Add configuration
All Quiet
Webhook URL, paste in the All Quiet Webhook URL you’ve obtained in step Get the All Quiet Webhook URL.
HMAC Secret Keys
Signature Header Name
Workflows
Create workflow
Create workflow from scratch
Next
Endpoint security section
Alert. This selection differs from the workflow we will create later to update incidents that have already been created.
Alert
click Next.
Action to the triggering alert.
CrowdStrike section.
Call webhook.
Call webhook action.
All Quiet Webhook we configured in the previous step.
Default.
Alert objects from the dropdown and add them.
Next.
Save and exit the workflow.
save and exit
,
All Quiet Create Incident
Audit event > Alert as trigger, as we want to listen to updates for existing incidents.
All as type and continue.
All Quiet - Update Incident.
Save and exit to confirm.
allquiet_integration_mapping resource for the CrowdStrike integration. Simply copy the syntax to your .tf file and tailor the resource to your team’s needs!