CrowdStrike IOC Feed Integration


Use the CrowdStrike integration with Silent Push to ingest live threat intelligence feeds from CrowdStrike into the Silent Push platform, and then enrich these feeds with Silent Push’s proprietary data.

The CrowdStrike integration with Silent Push enables customers to:

  • Ingest Live Threat Data: Receive real-time feeds from CrowdStrike's advanced endpoint intelligence.

  • Enrich with Additional Context: Automatically enhance CrowdStrike feeds with Silent Push’s proprietary data.

  • Streamline Response Workflows: Integrate enriched threat intelligence into SIEM, SOAR, or TIP workflows for quicker, automated incident responses.

Benefits

Customers gain the following benefits from our CrowdStrike integration:

  • Improved Threat Detection: Retrieve real-time, enriched threat intelligence to identify and mitigate risks more effectively.

  • Faster Incident Response: Automate your security workflows to reduce the time between detection and response.

  • Enhanced Situational Awareness: Gain a comprehensive view of potential threats by combining CrowdStrike’s data with Silent Push’s enrichment.

  • Simplified Integration: Easily incorporate enriched threat intelligence into your existing security systems with minimal disruption.

Integration

The CrowdStrike and Silent Push integration follows this operational process:

Data Ingestion

Silent Push collects live threat data from CrowdStrike's indicator API, so the feed stays current with the latest intelligence. To collect the data, Silent Push customers must create a feed from a URL:

Configure the Feed

Use the Silent Push Feeds feature to specify the CrowdStrike data endpoint. This enables you to access threat intelligence in a standardized format.

  1. From Threat Intelligence Management, select All Feeds and then choose Create New Feed in the upper left corner, below the filters.

  2. Click From URL

  3. Add Feed name, Feed type, Vendor, and Description. Set Feed type to match the indicator type you will pull (domains or IPs); each feed takes one URL, so create one feed per type.

  4. Add the CrowdStrike URL:

    1. Domains: https://api.crowdstrike.com/intel/combined/indicators/v1?filter=type:'domain'

    2. IPs: https://api.crowdstrike.com/intel/combined/indicators/v1?filter=type:'ip_address'

    api.crowdstrike.com is the US-1 cloud host. If your Falcon tenant is in another cloud (US-2, EU-1, GovCloud), use that cloud's API hostname instead, or every request will be rejected.

  5. Add the CrowdStrike API credentials:

    1. Add your CrowdStrike API client ID for CrowdStrike ID

    2. Add "crowdstrike" for CrowdStrike User Agent

    3. Add the API client secret for CrowdStrike Secret. The secret is shown only once when the API client is created; the client needs read access to the Falcon Intelligence indicators scope, otherwise the pull fails with an authorization error even though the URL is correct.

  6. Click Test Access to test the connection. This performs the OAuth2 token exchange and one request to the URL with your credentials, so an incorrect cloud host, client ID, secret, or scope shows up here rather than at the first scheduled pull.

  7. Map indicator and tag columns (for example, the indicator value to the feed's indicator column and CrowdStrike's labels or confidence to tags), and then click Create to generate the feed
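The following is an added example, not Silent Push or CrowdStrike code, that rehearses offline what the feed configuration above asks the platform to do: build the indicators URL with the page's FQL type filter, exchange the API client ID and secret for a token (network calls are only made when credentials are supplied), and map one page of the combined-indicators response to indicator/tag rows with pagination. Only api.crowdstrike.com appears on this page; the other cloud hostnames come from CrowdStrike's public API documentation. The response shape is a constructed sample, and the indicator values use reserved example names and addresses rather than real IOCs.

```python
"""Offline rehearsal of the CrowdStrike indicator pull that Silent Push
performs for a feed created from a URL. Added example; not Silent Push or
CrowdStrike code."""
import json
import os
import urllib.parse
import urllib.request

INDICATOR_PATH = "/intel/combined/indicators/v1"
# Only api.crowdstrike.com (US-1) is on the page; the others are from
# CrowdStrike's public API docs. Pick the one matching your Falcon tenant.
CLOUD_BASES = {
    "us-1": "https://api.crowdstrike.com",
    "us-2": "https://api.us-2.crowdstrike.com",
    "eu-1": "https://api.eu-1.crowdstrike.com",
}
USER_AGENT = "crowdstrike"  # the value the page tells you to enter


def build_indicator_url(indicator_type, cloud="us-1", limit=1000, offset=0):
    """Feed URL with the page's FQL type filter plus paging parameters."""
    if indicator_type not in ("domain", "ip_address"):
        raise ValueError(f"unsupported indicator type: {indicator_type}")
    query = urllib.parse.urlencode(
        {"filter": f"type:'{indicator_type}'", "limit": limit, "offset": offset},
        quote_via=urllib.parse.quote)
    return f"{CLOUD_BASES[cloud]}{INDICATOR_PATH}?{query}"


def query_params(url):
    """Decode the query string back into {name: value} (single-valued)."""
    return {k: v[0] for k, v in
            urllib.parse.parse_qs(urllib.parse.urlsplit(url).query).items()}


def fetch_token(client_id, client_secret, cloud="us-1"):
    """OAuth2 client-credentials exchange (network). The API client must have
    read access to the Falcon Intelligence indicators scope."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(
        f"{CLOUD_BASES[cloud]}/oauth2/token", data=body, method="POST",
        headers={"User-Agent": USER_AGENT,
                 "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def fetch_page(url, token):
    """One page of indicators (network); what 'Test Access' effectively does."""
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}",
                      "User-Agent": USER_AGENT, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def normalize(page, expected_type):
    """Map one response page to indicator/tag rows for the feed columns.

    The server-side filter already restricts the type, but the check is kept
    so a mistyped filter cannot push IPs into a domain feed."""
    rows = []
    for item in page.get("resources", []):
        if item.get("type") != expected_type or "indicator" not in item:
            continue
        tags = [lab["name"] for lab in item.get("labels", []) if "name" in lab]
        if item.get("malicious_confidence"):
            tags.append(f"confidence:{item['malicious_confidence']}")
        rows.append({"indicator": item["indicator"].strip().lower(),
                     "type": expected_type,
                     "tags": sorted(set(tags)),
                     "last_updated": item.get("last_updated")})
    return rows


def next_offset(page):
    """Next offset from meta.pagination, or None once the last page is read."""
    pg = page.get("meta", {}).get("pagination", {})
    nxt = pg.get("offset", 0) + pg.get("limit", 0)
    return nxt if nxt < pg.get("total", 0) else None


# Constructed sample shaped like a combined-indicators response page; the
# values use reserved example names/ranges and are not real IOCs.
SAMPLE_PAGE = {
    "meta": {"pagination": {"offset": 0, "limit": 2, "total": 3}},
    "resources": [
        {"id": "domain_example-c2.test", "indicator": "Example-C2.test",
         "type": "domain", "malicious_confidence": "high",
         "last_updated": 1700000000, "labels": [{"name": "ThreatType/Criminal"}]},
        {"id": "ip_address_203.0.113.7", "indicator": "203.0.113.7",
         "type": "ip_address", "malicious_confidence": "medium",
         "last_updated": 1700000100, "labels": [{"name": "KillChain/C2"}]},
    ],
}

if __name__ == "__main__":
    cid, sec = os.environ.get("CS_CLIENT_ID"), os.environ.get("CS_CLIENT_SECRET")
    url = build_indicator_url("domain", limit=2)
    page = fetch_page(url, fetch_token(cid, sec)) if cid and sec else SAMPLE_PAGE
    print(json.dumps(normalize(page, "domain"), indent=2))
    print("next offset:", next_offset(page))
```

Run it with no environment variables to see the mapping applied to the constructed sample; set CS_CLIENT_ID and CS_CLIENT_SECRET (hypothetical variable names) to perform the same token exchange and first page request that Test Access performs. The type check in normalize is deliberate: the feed's indicator column is typed, so a row of the wrong type is dropped rather than imported.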

Automate Ingestion

Silent Push polls the feed URL at regular intervals and imports any new or updated indicators, so the feed always reflects the latest CrowdStrike data without manual re-runs.

Data Enrichment

Silent Push supplements the incoming data with additional context and risk scores, making the threat information more actionable.

Workflow Integration

Integrate the enriched threat intelligence into your existing security platforms (SIEM, SOAR, or TIP). With enrichment and risk scores attached, detections and blocks can be automated, shortening the time between an indicator appearing in CrowdStrike and a response in your environment.