
Workflow Template: Poll for new CrowdStrike Alerts and Open a Torq Case

Automatically pull new CrowdStrike alerts on a schedule, then deduplicate alerts and create cases with a field mapper.

Updated this week

The "Poll for new CrowdStrike Alerts and Open a Torq Case" workflow template is designed to streamline case management by automating the retrieval and processing of alerts from the CrowdStrike API. This workflow ensures timely incident response by scheduling regular checks for new alerts, deduplicating them, and mapping alert fields to a predefined case layout. Each new alert is then transformed into a case, enhancing efficiency and accuracy in handling security incidents.

Use Cases

Case Management

Workflow Breakdown

  1. Establish a checkpoint to mark accurate beginning and end times.

  2. Pull alerts from the CrowdStrike API on a schedule.

  3. Map alert fields to a predefined case layout.

  4. Create a case for each new alert.
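The four steps above, sketched as an added Python example (not Torq's workflow code and not the CrowdStrike API). The alert and case field names, the `fetch` stand-in and the overlap margin are assumptions, and the sample alerts are constructed.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical mapping of case field -> alert field (not a real schema).
FIELD_MAP = {"title": "name", "severity": "severity_name", "asset": "hostname"}

class Poller:
    def __init__(self, start, overlap=timedelta(0)):
        self.checkpoint = start   # end of the last fully processed window
        self.overlap = overlap    # assumed re-read margin for late-arriving alerts
        self.seen = set()         # alert ids that already have a case

    def run(self, fetch, now):
        """One scheduled run over [checkpoint - overlap, now); returns new cases."""
        alerts = fetch(self.checkpoint - self.overlap, now)  # may raise
        cases = []
        for alert in alerts:
            if alert["id"] in self.seen:   # deduplicate across runs
                continue
            self.seen.add(alert["id"])
            case = {dst: alert.get(src) for dst, src in FIELD_MAP.items()}
            case["source_alert_id"] = alert["id"]
            cases.append(case)
        self.checkpoint = now  # advance only after the window was handled
        return cases

T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def _alert(aid, minute, name, sev, host):
    return {"id": aid, "created": T0 + timedelta(minutes=minute),
            "name": name, "severity_name": sev, "hostname": host}

# Constructed sample alerts, not real detections.
ALERTS = [_alert("a1", 2, "Suspicious process", "High", "ws-01"),
          _alert("a2", 9, "Credential access", "Critical", "srv-02"),
          _alert("a3", 14, "Unusual login", "Medium", "ws-07")]

def fetch(start, end):
    """Stand-in for the scheduled API pull: alerts created in [start, end)."""
    return [a for a in ALERTS if start <= a["created"] < end]

def demo():
    p = Poller(T0, overlap=timedelta(minutes=2))
    first = p.run(fetch, T0 + timedelta(minutes=10))   # sees a1, a2
    second = p.run(fetch, T0 + timedelta(minutes=20))  # re-reads a2, opens only a3
    return first, second, p.checkpoint

if __name__ == "__main__":
    for batch in demo()[:2]:
        print([c["source_alert_id"] for c in batch])
```

Because the checkpoint moves only after a window is processed, a failed pull leaves it in place and the next scheduled run covers the same time range again.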

Vendors

Utils, CrowdStrike, Torq, Torq Cases

Tips
