Setup time: 5 Min
1. Create CrowdStrike Integration on All Quiet
Sign in to your All Quiet account.Create Integration
- Click on the
Integrations > Inbound
tab. - Click
Create New Integration
.

Select CrowdStrike as the integration’s type
- Enter a display name for your integration, e.g.
CrowdStrike Falcon
. - Select a team.
- Select
CrowdStrike
as the integration’s type. - Click
Create Inbound Integration
.

Get the All Quiet Webhook URL
After creating the integration on All Quiet- you can view and copy the webhook URL. You will require this URL in step 2 when configuring the custom integration on CrowdStrike.

2. Configure the integration with CrowdStrike
Once you’ve set up an integration of type “CrowdStrike” with All Quiet, it takes only three more steps in your CrowdStrike account to finish off your setup.Set up the Webhook to All Quiet
Sign in to your CrowdStrike Account. We first need to create the Webhook- From the home screen, open the side navigation and select
CrowdStrike Store
- Select
All apps

- In the store, search for `Webhook“
- Select the
CrowdStrike Webhook

- Click
Configure
- Select
Add configuration

- Select a name for you Webhook, like
All Quiet
- As
Webhook URL
, paste in the All Quiet Webhook URL you’ve obtained in step Get the All Quiet Webhook URL. - Remove the
HMAC Secret Keys
- Remove the
Signature Header Name
- Save the Webhook.

You’ve successfully created the Webhook. Next, we need to set up a workflow to create All Quiet incidents from CrowdStrike, using the Webhook.
Set up Workflow for Incident Creation
Now, we need to set up a workflow to create All Quiet incidents from CrowdStrike alerts.- In the sidebar navigation, select `Fusion SOAR“
- Open
Workflows

Create workflow

- Select
Create workflow from scratch
- Click
Next

- open the
Endpoint security
section - and select
Alert
. This selection differs from the worflow we will create later to update incidents that already got created

- After selecting
Alert
clickNext
.

- Now, we need to add an
Action
to the triggering alert. - Select the
CrowdStrike
section. - Select
Call webhook
.

Call webhook
action.
- As Webhook, select the
All Quiet
Webhook we configured in the previous step. - For Data format, select
Default
. - As Data to include, select all
Alert
objects from the dropdown and add them. - Click
Next
.

Save and exit
the workflow.

save and exit
,
- Give your worflow a name, like
All Quiet Create Incident
- Don’t forget to activate it.
- Confirm.

You’re now able to create All Quiet incidents from CrowdStrike. In order to being able to update - e.g resolve - them from CrowdStrike, we need to add an extra, pretty similar workflow in the next step.
Set up Workflow for Incident Updates
Add an extra Workflow.- This time, select
Audit event > Alert
as trigger, as we want to listen to updates for existing incidents.

- As we want to listen to all kinds for updates, select
All
as type and continue.


- Make sure to add a suitable name, like
All Quiet - Update Incident
. - Activate the workflow.
- And click
Save and exit
to confirm.

You’re ready to go. If you set up your integration this way, CrowdStrike alerts will automatically create and update All Quiet incidents.
Adjust Payload Mapping
Looking to customize the fields of your incidents by adjusting the pre-built payload mapping? Simply head over to the “Payload” tab within your integration and make the necessary edits to the mapping. For detailed guidance, you may check out our payload mapping documentation.Using our Terraform provider? Download the default mapping of the
allquiet_integration_mapping
resource for the CrowdStrike integration. Simply copy the syntax to your .tf file and tailor the resource to your team’s needs!