CrowdStrike

IT & Security

Endpoint security & threat detection MCP

Triggers

Actions

Integrate CrowdStrike with your AI Workflows

Connect CrowdStrike Falcon with Atlastix agents to automate endpoint security monitoring, threat detection, and incident response workflows. Monitor security events, manage quarantine actions, and generate comprehensive security reports.

What you can automate

Events that trigger workflows and actions your AI agents can perform

Quarantine File

Quarantine a suspicious file on an endpoint.

Automated execution

Block Process

Block a malicious process from running.

Automated execution

Generate Security Report

Create detailed security posture reports.

Automated execution

Search Endpoints

Search across all managed endpoints for indicators.

Automated execution

Update Detection Policy

Modify endpoint detection and response policies.

Automated execution

Isolate Host

Network isolate a compromised endpoint.

Automated execution

Threat Detected

Fires when a new threat is detected on an endpoint.

Real-time trigger

Quarantine Action Completed

Fires when a file or process is successfully quarantined.

Real-time trigger

Security Alert Generated

Fires when a new security alert is created.

Real-time trigger

API Endpoints

Available API endpoints and methods

API Endpoints (10)

GETGET /detects/queries/detects/v1

GETGET /incidents/queries/incidents/v1

GETPOST /devices/actions/contain/v1

GETPOST /devices/actions/lift-containment/v1

GETGET /devices/queries/devices/v1

GETPOST /real-time-response/entities/admin-command/v1

GETGET /intel/queries/indicators/v1

GETPOST /prevention-policies/entities/prevention-policies/v1

GETGET /reports/entities/reports/v1

GETPOST /malquery/entities/samples-fetch/v1

Authentication Required

This integration requires authentication with CrowdStrike. Atlastix will securely handle the OAuth flow when you connect your account.

Ready to get started?

Connect CrowdStrike to your Atlastix workspace in just a few clicks.