CrowdStrike Falcon Next-Gen SIEM

Release status

The CrowdStrike Falcon Next-Gen SIEM integration is in Early Access, and is available only with Snyk Enterprise plans. To learn more, visit Plans and pricing.

Integrate Snyk vulnerability data into the CrowdStrike Falcon® platform for unified security visibility across application and endpoint domains. For example, you can detect when a critical vulnerability is introduced in a deployed container image due to a newly discovered CVE in an open-source dependency.

The process for setting up this integration consists of:

Prerequisites

  • A CrowdStrike subscription for Falcon Next-Gen SIEM or Falcon Next-Gen SIEM 10GB.

  • Connector Manager access to the Falcon console for the relevant CID.

  • A Snyk user account with permissions to edit and view Group integrations.

Configure the CrowdStrike Data Connector

To use the CrowdStrike NG-SIEM destination, set up a CrowdStrike data connector using the HEC/HTTP Event Connector. For instructions, visit the Step 1: Set up the HEC/HTTP event data connector CrowdStrike page. Select the snyk-platform (Snyk Platform) parser while configuring the data connector.

When setting up the data connector, you receive a HEC API key and URL, which you will use later to configure the Snyk Issue Forwarder.

Configure Snyk Issue Forwarder

This section configures Snyk to send issue data to the CrowdStrike connector you just created.

  • Open the Integrations menu.

  • Select the Add integration option.

  • Select the Issue Forwarding tag and search for CrowdStrike Issue Forwarding.

  • Click the Add button.

  • Add the profile name for this integration.

  • Add the API ID you copied earlier from your CrowdStrike Issue Forwarding account.

  • Add the API key you copied earlier from your CrowdStrike Issue Forwarding account.

  • Click the Done button.

  • When the connection is established, the status of the CrowdStrike Issue Forwarding integration changes to Connected.

Verify the integration connection

After the integration is set up, you can verify that Snyk data is being forwarded to CrowdStrike. For instructions, visit the Step 3: Verify successful data ingestion CrowdStrike page.

If you need to run a manual search, use this query in Advanced Event Search:

#Vendor = snyk and @error != "true"
