CrowdStrike

Integrating your CrowdStrike account with Resmo provides valuable insights into your organization's cybersecurity posture. CrowdStrike is a leading endpoint security platform that offers a range of features, such as threat detection, prevention, and response. Resmo can collect and analyze data from CrowdStrike, which can be useful for monitoring security incidents, managing security configurations, and ensuring adherence to best practices.
Using Resmo's SQL query capabilities, users can ask complex questions about their CrowdStrike data, such as:
  • Which users have specific roles and permissions within the CrowdStrike platform?
  • How many hosts are in the system, and what are their configurations, policies, and group memberships?
  • What are the details of device control, firewall, prevention, response, and sensor update policies?
  • How many detections have occurred, and what are their associated behaviors, severity levels, and statuses?
  • What are the configurations of sensors and their versions, file types, and associated platforms?
Setting up change alerts can be helpful for monitoring critical changes in your CrowdStrike data. For example:
  • Get notified when a new user is added, a role is changed, or permissions are updated.
  • Receive an alert when a host's status, policies, or group memberships are modified.
  • Get notified when a new device control, firewall, prevention, response, or sensor update policy is created, updated, or deleted.
  • Receive an alert when a detection's status changes or when new detections are found.
  • Get notified when a sensor is updated, added, or removed from the platform.
By leveraging Resmo's SQL query capabilities and change alerting, you can stay on top of important changes and ensure that your CrowdStrike configurations are optimized for maximum security and effectiveness.
Resources
Key
Supports Events
Detection
Device Control Policy
Firewall Policy
Host
Host Group
Prevention Policy
Response Policy
Sensor
Sensor Update Policy
User
User Role