
Poll for new CrowdStrike Alerts and Open a Torq Case - Workflow Template

Automatically pull new CrowdStrike alerts on a schedule, deduplicate them, and create Torq cases with a field mapper.


This workflow template automates the monitoring of CrowdStrike alerts by fetching them from the CrowdStrike API on a regular schedule. After each fetch, the workflow maps the alert fields to a predefined case layout and deduplicates the results so that the same alert does not open more than one case. Each new, unique alert becomes a case in Torq. Security teams can use this to streamline incident response, with potential security incidents detected quickly and organized consistently.

Use Cases

Case Management

Workflow Breakdown

  1. Establish a checkpoint that records the exact start and end of each polling window.

  2. Pull alerts from the CrowdStrike API on a schedule.

  3. Map the alert fields to a predefined case layout.

  4. Create a case for each new alert.
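The loop these four steps describe, as an added example that is not the template's own code or Torq's. It polls a constructed in-memory list that stands in for the CrowdStrike API response, keeps a checkpoint timestamp so consecutive windows are half-open and never overlap, deduplicates on the alert's `composite_id`, and maps each surviving alert into a case layout. The alert field names (`composite_id`, `created_timestamp`, `severity_name`, `display_name`, `tactic`, `technique`, `device.hostname`, `description`), the case layout keys, and the in-memory `seen_ids` set (Torq persists this state in its own way) are all assumptions made for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample "API response". Field names are modeled on CrowdStrike
# alert records but are assumptions for this example; only the shape matters.
SAMPLE_ALERTS = [
    {"composite_id": "alert-001", "created_timestamp": "2024-05-01T10:00:00Z",
     "severity_name": "High", "display_name": "Suspicious PowerShell",
     "tactic": "Execution", "technique": "Command and Scripting Interpreter",
     "device": {"hostname": "WS-042"}, "description": "Encoded command line observed"},
    {"composite_id": "alert-002", "created_timestamp": "2024-05-01T10:05:00Z",
     "severity_name": "Medium", "display_name": "Credential Access Attempt",
     "tactic": "Credential Access", "technique": "OS Credential Dumping",
     "device": {"hostname": "SRV-07"}, "description": "LSASS memory read"},
    # The same alert returned again (e.g. an updated record): must not open a second case.
    {"composite_id": "alert-001", "created_timestamp": "2024-05-01T10:00:00Z",
     "severity_name": "High", "display_name": "Suspicious PowerShell",
     "tactic": "Execution", "technique": "Command and Scripting Interpreter",
     "device": {"hostname": "WS-042"}, "description": "Encoded command line observed"},
    {"composite_id": "alert-003", "created_timestamp": "2024-05-01T10:20:00Z",
     "severity_name": "Low", "display_name": "Unusual Scheduled Task",
     "tactic": "Persistence", "technique": "Scheduled Task/Job",
     "device": {"hostname": "WS-013"}, "description": "Task created by non-admin"},
    # Falls exactly on a checkpoint boundary: half-open windows assign it to one poll only.
    {"composite_id": "alert-004", "created_timestamp": "2024-05-01T10:10:00Z",
     "severity_name": "Critical", "display_name": "Ransomware Behavior",
     "tactic": "Impact", "technique": "Data Encrypted for Impact",
     "device": {"hostname": "FS-01"}, "description": "Mass file rename"},
]


def parse_ts(ts: str) -> datetime:
    """Parse an RFC 3339 'Z' timestamp into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def fetch_alerts(source: list[dict], start: datetime, end: datetime) -> list[dict]:
    """Stand-in for the API call with a created_timestamp filter: start <= ts < end."""
    window = [a for a in source if start <= parse_ts(a["created_timestamp"]) < end]
    return sorted(window, key=lambda a: parse_ts(a["created_timestamp"]))


def map_alert_to_case(alert: dict) -> dict:
    """Map alert fields onto an assumed case layout (the 'field mapper' step)."""
    return {
        "title": f"{alert['severity_name']}: {alert['display_name']}",
        "severity": alert["severity_name"].lower(),
        "source_id": alert["composite_id"],
        "host": alert.get("device", {}).get("hostname", "unknown"),
        "mitre": f"{alert.get('tactic', '')} / {alert.get('technique', '')}",
        "description": alert.get("description", ""),
        "detected_at": alert["created_timestamp"],
    }


@dataclass
class PollState:
    """Checkpoint plus the ids already turned into cases (assumed in-memory store)."""
    checkpoint: datetime
    seen_ids: set[str] = field(default_factory=set)


def poll_once(state: PollState, source: list[dict], now: datetime) -> list[dict]:
    """One scheduled run: window [checkpoint, now), dedup, map, advance checkpoint."""
    new_cases = []
    for alert in fetch_alerts(source, state.checkpoint, now):
        if alert["composite_id"] in state.seen_ids:
            continue  # already has a case
        state.seen_ids.add(alert["composite_id"])
        new_cases.append(map_alert_to_case(alert))
    state.checkpoint = now  # next window starts exactly where this one ended
    return new_cases


if __name__ == "__main__":
    st = PollState(checkpoint=parse_ts("2024-05-01T09:50:00Z"))
    for now in ("2024-05-01T10:10:00Z", "2024-05-01T10:30:00Z"):
        for case in poll_once(st, SAMPLE_ALERTS, parse_ts(now)):
            print(now, "->", case["title"], "on", case["host"])
```

The important design choice is the half-open window `[checkpoint, now)`: an alert stamped exactly on the boundary (`alert-004` above) is fetched by exactly one run, so the checkpoint alone prevents most duplicates, and the `seen_ids` check covers the remaining case of the API returning the same alert twice within a window.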

Vendors

Utils, CrowdStrike, Torq, Torq Cases
