u/1mpervious

I'm sending custom IOCs to CrowdStrike from my threat intelligence platform. I'd like to query the fields within the custom IOC table for a custom NG-SIEM detection. I see an OOTB lookup file called cs_customioc_lookup.csv, but it doesn't include all of the fields in the custom IOC interface. What is the best way to access the full data from the custom IOC?

Is there a way to query the custom IOC REST API from a NG-SIEM query? Do I need to create my own lookup file with a Falcon Fusion flow? Something else?

reddit.com
u/1mpervious — 10 days ago
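One way to get the full field set into a lookup file, as an added example that is not part of the post and not CrowdStrike's or the poster's code: pull the indicators from the IOC Management API yourself and write every field to CSV, then upload that CSV as the lookup NG-SIEM matches against. Assumptions, all labelled in the code: the endpoint `GET /iocs/combined/indicator/v1` returns `{"resources": [...]}` with the field names listed in `LOOKUP_FIELDS`, the paging loop uses `offset`/`limit`, and the base URL and bearer token are placeholders you supply. The sample response is constructed for illustration.

```python
"""Build a full-field lookup CSV from CrowdStrike custom IOCs.

Added example, not the poster's or CrowdStrike's code. Assumptions (labelled
inline): the IOC Management endpoint GET /iocs/combined/indicator/v1 returns
{"resources": [ {...indicator...}, ... ]}, the field names in LOOKUP_FIELDS,
and offset/limit paging. Check these against the API reference for your tenant.
"""
import csv
import io
import json
import urllib.parse
import urllib.request
from typing import Iterable, List

# Column order for the lookup file. ASSUMED to mirror the custom-IOC UI;
# adjust to the fields the API actually returns.
LOOKUP_FIELDS = [
    "id", "type", "value", "action", "severity", "platforms", "tags",
    "source", "description", "applied_globally", "expiration",
    "created_on", "modified_on",
]

# CONSTRUCTED sample of an API response; values are illustrative, not real IOCs.
SAMPLE_RESPONSE = {
    "resources": [
        {
            "id": "ioc-0001", "type": "domain", "value": "bad.example",
            "action": "prevent", "severity": "high",
            "platforms": ["windows", "linux"], "tags": ["tip-feed", "phishing"],
            "source": "my-tip", "description": "phishing landing domain",
            "applied_globally": True, "expiration": "2025-01-01T00:00:00Z",
            "created_on": "2024-06-01T12:00:00Z", "modified_on": "2024-06-02T09:30:00Z",
        },
        {
            "id": "ioc-0002", "type": "sha256", "value": "0" * 64,
            "action": "detect", "severity": "medium",
            "platforms": ["windows"], "tags": [],
            "source": "my-tip", "description": "",
            "applied_globally": False,
        },
    ]
}


def flatten_indicator(ind: dict) -> dict:
    """Turn one indicator object into a flat CSV row.

    List fields (platforms, tags) are joined with '|' so one column carries
    every value; booleans become 'true'/'false'; missing fields become empty
    strings so the header stays stable across indicators.
    """
    row = {}
    for f in LOOKUP_FIELDS:
        v = ind.get(f, "")
        if isinstance(v, list):
            v = "|".join(str(x) for x in v)
        elif isinstance(v, bool):
            v = "true" if v else "false"
        row[f] = v
    return row


def build_lookup_csv(indicators: Iterable[dict]) -> str:
    """Render indicators as CSV text with the full LOOKUP_FIELDS header."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=LOOKUP_FIELDS, lineterminator="\n")
    w.writeheader()
    for ind in indicators:
        w.writerow(flatten_indicator(ind))
    return buf.getvalue()


def parse_lookup_csv(text: str) -> List[dict]:
    """Read the CSV back into dicts (used to verify the round trip)."""
    return list(csv.DictReader(io.StringIO(text)))


def fetch_all_indicators(base_url: str, bearer_token: str, page_size: int = 500) -> List[dict]:
    """Page through the combined indicator endpoint and return every resource.

    ASSUMED: offset/limit query parameters and a 'resources' array in the body.
    base_url is e.g. the placeholder 'https://api.<your-cloud>.crowdstrike.com';
    bearer_token is an OAuth2 token you obtain separately (placeholder here).
    """
    out: List[dict] = []
    offset = 0
    while True:
        qs = urllib.parse.urlencode({"limit": page_size, "offset": offset})
        req = urllib.request.Request(
            f"{base_url}/iocs/combined/indicator/v1?{qs}",
            headers={"Authorization": f"Bearer {bearer_token}",
                     "Accept": "application/json"},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp).get("resources", [])
        out.extend(page)
        if len(page) < page_size:   # last page reached
            return out
        offset += page_size


if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in fetch_all_indicators()
    # with real credentials to build the lookup from your tenant.
    print(build_lookup_csv(SAMPLE_RESPONSE["resources"]))
```

Run this on a schedule (a Fusion workflow or a cron job) and upload the resulting CSV as a lookup file; in a NG-SIEM query the indicator value can then be joined with `match()` against the `value` column, and the joined `platforms`, `tags`, `source` and `severity` columns are available to the detection. Exact `match()` parameters and the upload mechanism should be taken from the NG-SIEM documentation rather than from this example.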