--- title: "CrowdStrike Indicator Feed Integration" slug: "crowdstrike-integration" tags: ["Integration", "Plug-ins"] updated: 2026-01-08T16:56:54Z published: 2026-01-08T16:55:13Z canonical: "help.silentpush.com/crowdstrike-integration" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # CrowdStrike Indicator Feed Integration Use the CrowdStrike integration with Silent Push to ingest live threat intelligence feeds from CrowdStrike into the Silent Push platform, and then enrich these feeds with Silent Push’s proprietary data. The CrowdStrike integration with Silent Push enables customers to: - Receive real‐time feeds from CrowdStrike’s advanced endpoint intelligence. - Automatically enhance CrowdStrike feeds with Silent Push’s proprietary data. - Integrate enriched threat intelligence into SIEM, SOAR, or TIP workflows to enable faster, automated incident responses. ## Benefits Customers gain the following benefits from our CrowdStrike integration: - Retrieve real‐time, enriched threat intelligence to identify and mitigate risks more effectively. - Automate your security workflows to reduce the time between detection and response. - Gain a comprehensive view of potential threats by combining CrowdStrike’s data with Silent Push’s enrichment. - Easily incorporate enriched threat intelligence into your existing security systems with minimal disruption. ## Integration The CrowdStrike and Silent Push integration successfully supports cybersecurity workflows with the following operational process: ### **Data Ingestion** The system collects live threat data from CrowdStrike, keeping you up to date with the latest intelligence. To collect the data, Silent Push customers must [Create a feed from a URL](/v1/docs/create-and-manage-threat-intelligence-feeds#create-feeds). ### **Configure the**Feed Use the Silent Push **Feeds** feature to specify the CrowdStrike data endpoint. This enables you to access threat intelligence in a standardized format. 1. From the left navigation menu, select**Defend >** **All Feeds > Create New Feed** in the upper left corner, below the filters. 2. Click **From URL.** 3. Add **Feed Name, Feed type**, Vendor, and **Description**. 4. Add **CrowdStrike URL**: - Domains: `https://api.crowdstrike.com/intel/combined/indicators/v1?filter=type:'domain'` - IPs: `https://api.crowdstrike.com/intel/combined/indicators/v1?filter=type:'ip_address'` - Add your **CrowdStrike ID** - Add **CrowdStrike User Agent** - Add **CrowdStrike Secret** 5. Click **Test Access** to test the connection. 6. Map indicator and tag columns, and then click **Create** to generate the feed. ### **Automate Ingestion** Silent Push automatically investigates the specified URL at regular intervals, ensuring you always receive the latest threat data. ### **Data Enrichment** Silent Push supplements the incoming data with additional context and risk scores, making the threat information more actionable. ### **Workflow Integration** Integrate the enriched threat intelligence into your existing security platforms. This enables automated workflows and rapid response, helping you prevent potential breaches before they occur. A curated stream of threat intelligence data containing indicators of compromise (IoCs), such as malicious IPs or domains, used to monitor and mitigate cyber threats. A centralized module in a threat intelligence platform for organizing, searching, and analyzing data from various feeds, enabling efficient threat detection and response workflows. The unique identifier or label assigned to a specific threat intelligence feed, used to distinguish it within a platform for tracking and analysis purposes. The entity or organization that owns or provides a threat intelligence feed, identified as the source of the data.