# CrowdStrike

> Connect CrowdStrike Falcon with All Quiet

<Info>Setup time: 5 Min</Info>

Integrate CrowdStrike Falcon with All Quiet in a matter of minutes. With webhooks, you can automatically send alerts from CrowdStrike Falcon directly to All Quiet, streamlining your team's incident management process.

## 1. Create CrowdStrike Integration on All Quiet

Sign in to your All Quiet account.

### Create Integration

1. Click on the `Inbound Integrations` tab.
2. Click on `+ Create`.

<img className="CrowdStrike_Create" src="https://mintcdn.com/allquiet/DD3fFjQiex-iZR__/images/crowdstrike/01.png?fit=max&auto=format&n=DD3fFjQiex-iZR__&q=85&s=51d66d7e4cbec82ec89dfdba52d9a51c" width="2740" height="678" data-path="images/crowdstrike/01.png" />

### Select CrowdStrike as the integration's type

1. Enter a `Display Name` for your integration, e.g. "CrowdStrike".
2. Select a `Team`.
3. Select `CrowdStrike` as the integration's type.
4. Click `Create Inbound Integration`.

<img className="CrowdStrike_Select" src="https://mintcdn.com/allquiet/DD3fFjQiex-iZR__/images/crowdstrike/02.png?fit=max&auto=format&n=DD3fFjQiex-iZR__&q=85&s=ce0bd6dde9bf5255b1ab2b9ad514ad88" width="2158" height="1864" data-path="images/crowdstrike/02.png" />

### Get the All Quiet Webhook URL

After creating the integration on All Quiet, you can view and copy the webhook URL. You will require this URL in step 2 when configuring the custom integration on CrowdStrike.

<img className="CrowdStrike_Get" src="https://mintcdn.com/allquiet/DD3fFjQiex-iZR__/images/crowdstrike/03.png?fit=max&auto=format&n=DD3fFjQiex-iZR__&q=85&s=d9f2bf5b8fc77e9cb6d089313bb35acd" width="2186" height="954" data-path="images/crowdstrike/03.png" />

## 2. Configure the Integration with CrowdStrike

Once you've set up an integration of type "CrowdStrike" with All Quiet, it takes only three more steps in your CrowdStrike account to finish off your setup.

### Set up the Webhook to All Quiet

Sign in to your CrowdStrike account.
We first need to create the Webhook.

1. From the home screen, open the side navigation and select `CrowdStrike Store`
2. Select `All apps`

<img className="CrowdStrike_FindStore" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/04.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=b435508ca4aafc90d5742b40e3f35d86" width="1600" height="1606" data-path="images/crowdstrike/04.png" />

1. In the store, search for `Webhook`
2. Select the `CrowdStrike Webhook`

<img className="CrowdStrike_Store_Webhook" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/05.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=80c38017ca309e94a2f154044b5286fd" width="2720" height="1806" data-path="images/crowdstrike/05.png" />

1. Click `Configure`
2. Select `Add configuration`

<img className="CrowdStrike_Store_AddWebhook" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/06.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=490bf55a87c320ee7f9b5162a29e0c3f" width="3420" height="1449" data-path="images/crowdstrike/06.png" />

1. Select a name for your Webhook, like `All Quiet`
2. As `Webhook URL`, paste in the All Quiet Webhook URL you've obtained in step [Get the All Quiet Webhook URL](/integrations/inbound/crowdstrike#get-the-all-quiet-webhook-url).
3. **Remove** the `HMAC Secret Keys`
4. **Remove** the `Signature Header Name`
5. Save the Webhook.

<img className="CrowdStrike_ConfigureWebhook" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/07.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=036e3bbcffc62fbd7ced9538c5a8a2bc" width="1409" height="1969" data-path="images/crowdstrike/07.png" />

<Check>You've successfully created the Webhook. Next, we need to set up a workflow to create All Quiet incidents from CrowdStrike, using the Webhook.</Check>

### Set up Workflow for Incident Creation

Now, we need to set up a workflow to **create** All Quiet incidents from CrowdStrike.

1. In the sidebar navigation, select `Fusion SOAR`
2. Open `Workflows`

<img className="CrowdStrike_SidebarWorkflow" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/08.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=e34d228f9242512082fbd414beb4f65b" width="1346" height="1176" data-path="images/crowdstrike/08.png" />

In the workflows overview, select `Create workflow`

<img className="CrowdStrike_WorkflowOverview" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/09.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=969661a2edf5b16a63caf972d275e393" width="3715" height="817" data-path="images/crowdstrike/09.png" />

1. Select `Create workflow from scratch`
2. Click `Next`

<img className="CrowdStrike_ConfigureWorkflowFromScratch" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/10.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=51b44265b8d13dd3e0b1cc1afdac5417" width="1811" height="1969" data-path="images/crowdstrike/10.png" />

Define the trigger. To select a trigger that creates new incidents:

1. Open the `Endpoint security` section.
2. Select `Alert` / `Detection`. This [selection differs from the workflow we will create later to update incidents that have already been created](/integrations/inbound/crowdstrike#set-up-workflow-for-incident-updates).

<Tip>In the latest version of CrowdStrike Falcon Fusion, the “Alert” trigger has been renamed to “Detection.” If you encounter references to “Alert” in the information below, look for “Detection” instead in your current version of CrowdStrike.</Tip>

<img className="CrowdStrike_CreateIncident_Trigger1" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/11.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=f133a26fd63963edd2f4fbe436363c2a" width="2320" height="1452" data-path="images/crowdstrike/11.png" />

1. After selecting `Alert` / `Detection` click `Next`.

<img className="CrowdStrike_CreateIncident_Trigger2" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/12.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=b6a60dba42cb0e09d043329796eff67b" width="1086" height="754" data-path="images/crowdstrike/12.png" />

1. Now, we need to add an `Action` to the triggering alert / detection.
2. Select the `CrowdStrike` section.
3. Select `Call webhook`.

<img className="CrowdStrike_CreateIncident_Action1" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/13.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=8891709f1aa9de582688edce6505a1b3" width="2186" height="1672" data-path="images/crowdstrike/13.png" />

Now, we need to configure the `Call webhook` action.

1. As Webhook, select the `All Quiet` Webhook we configured in the [previous step](/integrations/inbound/crowdstrike#set-up-the-webhook-to-all-quiet).
2. For Data format, select `Default`.
3. As Data to include, select **all `Alert` objects / all `Detection` objects** from the dropdown and add them.
4. Click `Next`.

<img className="CrowdStrike_CreateIncident_Action2" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/14.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=fce2ce12ca6760dbb61c70c911acf54b" width="1092" height="1556" data-path="images/crowdstrike/14.png" />

We're almost done with this step. Time to `Save and exit` the workflow.

<img className="CrowdStrike_CreateIncident_save1" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/15.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=b6bcf17105b19f3895314eb426cce72d" width="2490" height="1364" data-path="images/crowdstrike/15.png" />

To `save and exit`,

1. Give your workflow a name, like `All Quiet Create Incident`
2. Don't forget to activate it.
3. Confirm.

<img className="CrowdStrike_CreateIncident_save2" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/16.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=016af629df13f07aa06a0561d844020d" width="1182" height="1650" data-path="images/crowdstrike/16.png" />

<Check>You're now able to create All Quiet incidents from CrowdStrike. To be able to update (e.g. resolve) them from CrowdStrike, we need to add an extra, very similar workflow in the next step.</Check>

### Set up Workflow for Incident Updates

Add an extra Workflow.

1. This time, select `Audit event > Alert` / `Audit event > Detection` as trigger, as we want to listen to updates for existing incidents.

<img className="CrowdStrike_UpdateIncident_Trigger1" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/17.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=8b1625a232cee953f3fa84b5fc021d90" width="2312" height="1688" data-path="images/crowdstrike/17.png" />

1. As we want to listen to all kinds of updates, select `All` as type and continue.

<img className="CrowdStrike_UpdateIncident_Trigger2" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/18.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=4fa18c30e5110333540d0dbf9eac724d" width="1102" height="962" data-path="images/crowdstrike/18.png" />

After setting up the trigger, add the same kind of action, with the same settings, as in the previous step when defining the [workflow to create incidents](/integrations/inbound/crowdstrike#set-up-workflow-for-incident-creation). This ensures incident updates are sent to All Quiet via the same webhook.

<img className="CrowdStrike_CrowdStrike_UpdateIncident_Action" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/19.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=3424242f25f9eecbe1d4505b07f87490" width="2476" height="1680" data-path="images/crowdstrike/19.png" />

When saving the workflow:

1. Make sure to add a suitable name, like `All Quiet - Update Incident`.
2. Activate the workflow.
3. And click `Save and exit` to confirm.

<img className="CrowdStrike_ConfigureWebhook" src="https://mintcdn.com/allquiet/y65KzxFgbkd3W3cK/images/crowdstrike/20.png?fit=max&auto=format&n=y65KzxFgbkd3W3cK&q=85&s=09d2cdcdacaeac356704c13a66746622" width="1176" height="1692" data-path="images/crowdstrike/20.png" />

<Check>You're ready to go. If you set up your integration this way, CrowdStrike alerts / detections will automatically create and update All Quiet incidents.</Check>

### Adjust Payload Mapping

Looking to customize the fields of your incidents by adjusting the pre-built payload mapping? Simply head over to the “Payload” tab within your integration and make the necessary edits to the mapping. For detailed guidance, you may check out our [payload mapping documentation](/essentials/inbound#how-does-attribute-mapping-work).

<Tip>Using our Terraform provider? [Download](https://allquiet.app/api/integrations/terraform/default/CrowdStrike.tf) the default mapping of the `allquiet_integration_mapping` resource for the CrowdStrike integration. Simply copy the syntax to your .tf file and tailor the resource to your team's needs!</Tip>
