When integrating CrowdStrike threat intelligence with Reveal(x)360, how can you verify the CrowdStrike threat intel feed?
Perhaps you can see if the “Last Successful Sync” under the R(x) 360 admin console → Integrations → CrowdStrike Falcon Integration is up to date:
You can also check under the Settings → Threat Intelligence, and scroll to the bottom, to the “Integration Partner Threat Collections”, and check “Last Updated” as well.
And lastly, this may be ill-advised, but if you are 100% clear to do so and will NOT get into any hot water in intentionally accessing suspicious websites, you could also log in to the FalconX Indicators GUI itself, select “URL, Domain, IP” for Type, and then “Confidence”: High. This obviously is assuming you have access and permission to run these suspicious queries on a system that is being monitored by ExtraHop.
In the FalconX GUI:
You would be able to validate the FalconX integration by clicking on the red surveillance camera icon and it’ll show something like this: