CrowdStrike Integration with TigerTrust
TigerTrust integrates with CrowdStrike Falcon for certificate-aware security operations.
API Configuration
Configure CrowdStrike API access:
```yaml
crowdstrike:
  client_id: $CROWDSTRIKE_CLIENT_ID
  client_secret: $CROWDSTRIKE_CLIENT_SECRET
  base_url: https://api.crowdstrike.com
  features:
    threat_detection: true
    endpoint_visibility: true
    ioc_sharing: true
```
Certificate IOC Sharing
Share certificate indicators of compromise:
```json
{
  "type": "certificate",
  "value": {
    "thumbprint": "SHA256:abc123...",
    "common_name": "malicious.example.com",
    "issuer": "Unknown CA"
  },
  "severity": "high",
  "action": "detect",
  "description": "Certificate associated with known malware campaign"
}
```
Endpoint Certificate Visibility
Query endpoint certificate data:
```python
# Query certificates on endpoints
crowdstrike.query_certificates(
    filter="common_name:*example.com",
    sort="last_seen|desc",
    limit=100
)
```
Alert Correlation
Correlate TigerTrust and CrowdStrike alerts:
```yaml
correlation_rules:
  - name: Certificate Used in Attack
    crowdstrike_event: ProcessCreate
    tigertrust_event: certificate_usage
    conditions:
      - process_reputation: malicious
      - certificate_valid: false
    action: create_incident
  - name: Unauthorized Certificate
    crowdstrike_event: TLSConnection
    tigertrust_event: unknown_certificate
    conditions:
      - connection_external: true
    action: alert_security
```
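An added example, not TigerTrust's or CrowdStrike's own code, that evaluates rules of the shape above against one CrowdStrike event and one TigerTrust event. It assumes each event carries an `event_type` field and the condition keys as flat fields; every condition in a rule must hold for its action to fire, and a key missing from both events never matches.

```python
# Added example: evaluate correlation rules against an event pair.
# Assumed event schema: {"event_type": ..., <condition keys>: ...}.

# Rules transcribed from the correlation_rules block above.
CORRELATION_RULES = [
    {
        "name": "Certificate Used in Attack",
        "crowdstrike_event": "ProcessCreate",
        "tigertrust_event": "certificate_usage",
        "conditions": [{"process_reputation": "malicious"},
                       {"certificate_valid": False}],
        "action": "create_incident",
    },
    {
        "name": "Unauthorized Certificate",
        "crowdstrike_event": "TLSConnection",
        "tigertrust_event": "unknown_certificate",
        "conditions": [{"connection_external": True}],
        "action": "alert_security",
    },
]


def _conditions_met(conditions, merged):
    # Each condition is a single key/value pair; all must match (AND).
    # dict.get() on an absent key yields None, which never equals a
    # condition value, so partial event data cannot satisfy a rule.
    return all(merged.get(k) == v for cond in conditions for k, v in cond.items())


def correlate(cs_event, tt_event, rules=CORRELATION_RULES):
    """Return (rule name, action) pairs fired by the event pair, in rule order."""
    merged = {**cs_event, **tt_event}  # TigerTrust fields win on a key collision
    fired = []
    for rule in rules:
        if cs_event.get("event_type") != rule["crowdstrike_event"]:
            continue
        if tt_event.get("event_type") != rule["tigertrust_event"]:
            continue
        if _conditions_met(rule["conditions"], merged):
            fired.append((rule["name"], rule["action"]))
    return fired


if __name__ == "__main__":
    # Constructed sample events (not real telemetry).
    cs = {"event_type": "ProcessCreate", "process_reputation": "malicious"}
    tt = {"event_type": "certificate_usage", "certificate_valid": False}
    print(correlate(cs, tt))  # [('Certificate Used in Attack', 'create_incident')]
```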
Incident Response
Automated response to certificate threats:
```yaml
incident_response:
  certificate_compromise:
    actions:
      - revoke_certificate
      - isolate_endpoints
      - collect_forensics
      - notify_security_team
```
XDR Integration
Extended detection and response:
- Certificate data in XDR timelines
- Cross-domain threat correlation
- Unified investigation interface
- Automated containment
Enhance certificate security with CrowdStrike and TigerTrust.