CrowdStrike

This guide walks through importing two CrowdStrike Fusion SOAR workflows that auto-close detections originating from Prelude tests while still alerting you on everything else.

  1. Download the following two .yaml workflow files
  2. In the CrowdStrike console, navigate to "Fusion SOAR" and select "Workflows"
  3. Select "Create Workflow", then choose "Import Workflow"
  4. Select "Upload Workflow file" and import the two files downloaded in step 1
  5. Replace the final sleep action in the second workflow (Prelude Alert Suppression_2) with an alerting action such as "Send Email" or "Send Slack" (see screenshot below). This ensures that you are still notified of any non-Prelude alerts. Before relying on the workflows in production, review the first workflow's trigger condition and confirm it matches only Prelude-originated detections; anything it matches is closed without analyst review.
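The split between the two workflows comes down to one decision rule: close a detection only when it is positively identified as a Prelude test, and route everything else to the alerting action. The Python model below is an added illustration of that rule and is not code from Prelude or CrowdStrike; the actual condition lives in the imported YAML. It assumes, as a placeholder, that a Prelude-originated detection carries an exact tag `prelude`, and it uses constructed sample detections rather than real Falcon data. The third sample shows why a substring match on free-text fields is the wrong condition: a command line can contain the word "prelude" without the detection being a Prelude test.

```python
"""Model of the two-workflow split: close only detections that are
positively identified as Prelude tests; everything else must alert."""
from dataclasses import dataclass

# Assumed marker (placeholder for the condition in the imported workflow YAML).
PRELUDE_MARKER = "prelude"


@dataclass(frozen=True)
class Detection:
    detection_id: str
    description: str
    tags: tuple = ()


def is_prelude_originated(d: Detection) -> bool:
    """Strict check: a tag must equal the marker exactly (case-insensitive).
    Substring matches on description or command line are deliberately not
    used, because attacker-controlled text could contain the word."""
    return any(t.lower() == PRELUDE_MARKER for t in d.tags)


def triage(detections):
    """Return (to_close, to_notify) as lists of detection IDs.
    The default is notify: anything not positively identified as a Prelude
    test goes to the alerting path, which is the job of the second workflow
    (Prelude Alert Suppression_2) after its sleep is replaced by an alert."""
    to_close, to_notify = [], []
    for d in detections:
        (to_close if is_prelude_originated(d) else to_notify).append(d.detection_id)
    return to_close, to_notify


def audit(detections, closed_ids):
    """Post-hoc check: IDs that were closed but are not Prelude-originated.
    An empty result means the suppression workflow closed nothing it should
    not have; anything listed here was suppressed without review."""
    by_id = {d.detection_id: d for d in detections}
    return [i for i in closed_ids if not is_prelude_originated(by_id[i])]


# Constructed sample detections (not real Falcon data).
SAMPLE = [
    Detection("ldt:1", "Prelude Detect test: credential dumping", ("prelude", "test")),
    Detection("ldt:2", "Suspicious LSASS access"),
    Detection("ldt:3", "cmd.exe /c echo prelude"),  # word in text, no tag -> notify
]

if __name__ == "__main__":
    close, notify = triage(SAMPLE)
    print("close:", close)
    print("notify:", notify)
    print("wrongly closed:", audit(SAMPLE, close))
```

Run it to see that only `ldt:1` is closed and that `ldt:3`, despite mentioning "prelude", is routed to the alerting path. The `audit` function is the check worth running against the real detections after the workflows have been active for a while: feed it the IDs the first workflow closed and confirm it returns nothing.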