CrowdStrike ThreatGraph
Modified on: Wed, 7 Sep, 2022 at 7:03 PM
Overview
CrowdStrike provides a suite of five APIs to enable customers of the
CrowdStrike Falcon platform to enhance their triage workflow and
leverage their existing security investments.
The Falcon Threat Graph API is one of the five API’s offered by
Crowdstrike that leverages CrowdStrike’s multi-petabyte graph database
to reveal the underlying relationships between indicators of compromise
(IOCs), devices, processes, and other forensic data and events, such as
files written, module loads, or network connections.
With ThreatGraph Transforms, investigators can query the CrowdStrike
ThreatGraph API to interact with CrowdStrike Falcon data and traverse
the graph to investigate relationships between events.
To read more click here.
[ThreatGraph] Get Sensors
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get Sensors |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetSensors |
| Input Entities |
maltego.Hash |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get User from
PID
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get User from PID |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDUser |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get DNS
Request Data from PID
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get DNS Request Data from PID |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDDNSReq |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get PID
Children
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get PID Children |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDChildren |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get
PID Modules that were Written
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get PID Modules that were Written |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDWrittenModule |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get Sensors DNS
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get Sensors DNS |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Output Entities |
Phrase |
| Short Description |
|
Variants
| GetSensorsDNS |
maltego.Domain |
| GetSensorsDNSName |
maltego.DNSName |
[ThreatGraph] Get PID Modules
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get PID Modules |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDModule |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get PID
IPv4 Remote Addresses
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get PID IPv4 Remote Addresses |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDIPv4 |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get
Process ID’s from Sensor
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get Process ID’s from Sensor |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetProcData |
| Input Entities |
CS.Sensor |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get PID Data
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get PID Data |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDData |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get Domains from
PID
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get Domains from PID |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDDNS |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|
[ThreatGraph] Get Process
Parent
| CSPass |
string |
DefaultValue |
false |
true |
false |
| CSUser |
string |
DefaultValue |
false |
true |
false |
| Display Name |
[ThreatGraph] Get Process Parent |
| Owner |
iTDS |
| Author |
iTDS@Paterva.com |
| Data Source |
ThreatGraph |
| Transform Name |
GetPIDParent |
| Input Entities |
CS.PID |
| Output Entities |
Phrase |
| Short Description |
|