# CrowdStrike Integration

By connecting CrowdStrike with ilert, endpoint threat detections – like malware alerts or suspicious behavior – automatically generate actionable incidents. This enables rapid notification, structured escalation, and centralized incident tracking, strengthening your endpoint security response.

## In ilert: Create a CrowdStrike alert source

1. Go to **Alert sources** --> **Alert sources** and click on **Create new alert source**

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **CrowdStrike** in the search field, click on the CrowdStrike tile and click on **Next**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings such as custom alert templates or notification priority. Click **Finish setup** for now.
7. On the final page, an API key and/or webhook URL is generated that you will need later in this guide. Treat both as secrets: the webhook URL embeds the alert source key, and anyone who holds it can create alerts on this alert source. If it leaks, regenerate it in the alert source settings and update the CrowdStrike webhook configuration.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FJ1QwcjLiVLOyieOrgmpC%2FScreenshot%202023-08-28%20at%2011.47.34.png?alt=media&#x26;token=72dc29a2-ded0-44cd-89bc-229bb0569626" alt=""><figcaption></figcaption></figure>

## In CrowdStrike

1. Open the Workflows dashboard by clicking the **CrowdStrike** logo in the top left and choosing **Workflows**.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2F8Qs4jatnKEOS70j9iC3u%2Fcrowdstrike-workflow.png?alt=media\&token=204fb144-5307-4ce1-bf58-b3895127a692)

2. Click **Create a Workflow** in the top right. In the workflow workspace, add a trigger and choose **New Detection**. Optionally add a condition; in this example we forward only detections with a severity greater than **Medium**. Keep in mind that detections at or below the chosen severity will then never reach ilert through this workflow.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2Fqyz4mTiD96TX1RC6b5iu%2Fcrowdstrike-conditionworkflowdetection.png?alt=media\&token=7e44f91c-6279-4c22-8573-ce0bc145746d)

3. When adding an action, choose the action type **Notification** and the action **Call webhook**. If the webhook has not been configured from the Store yet, follow the Store link and click **Configure** on the Webhook entry.
4. Enter a **Name** (in this example, `ilert-incident`) and paste the **Webhook URL** generated by ilert earlier.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FWIOzKhs27egIeTINly8B%2Fcrowdstrike-webhook.png?alt=media\&token=8161f323-8595-4042-9509-45575efe36b9)

5. Click **Save Configuration**; the webhook is now available in the workflow workspace.
6. Select the webhook by the name set earlier and choose **ALL** under the data to include. Note that this sends the full detection context (for example hostnames, user names, file paths and command lines) to ilert, so make sure this is acceptable under your data handling rules.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FD32LFVxwo2arEO4X3pua%2Fcrowdstrike-saveworkflowdetection.png?alt=media\&token=5bbfa04d-206f-45ef-b421-d4fb524acfb5)

7. Save the workflow and turn it on. From now on, every new detection that matches the trigger and condition creates an alert in ilert, which is then escalated according to the escalation policy of the alert source.
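Before turning the workflow on, it is worth confirming that the ilert side accepts events at the webhook URL. The following Python script is an added example, not ilert or CrowdStrike code: it posts a constructed detection payload to the webhook URL and applies the same severity threshold as the workflow condition above (severity greater than **Medium**). The payload field names, the ordering of CrowdStrike severity names and the `ILERT_CROWDSTRIKE_WEBHOOK_URL` environment variable are assumptions; a real detection delivered by CrowdStrike with **ALL** data carries many more fields, and that layout is what ilert's template is built for. Use the script to confirm reachability and that the URL is accepted, then resolve the resulting test alert in ilert.

```python
"""Smoke-test an ilert CrowdStrike alert source webhook before enabling the workflow.

Added example (not ilert or CrowdStrike code). The payload field names, the
severity ordering and the environment variable name are assumptions.
"""
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Assumed ordering of CrowdStrike severity display names, lowest to highest.
SEVERITY_ORDER = ["Informational", "Low", "Medium", "High", "Critical"]


def passes_threshold(severity_name, threshold="Medium"):
    """Mirror the workflow condition 'severity greater than Medium'.

    Returns True only for severities strictly above the threshold. A name that
    is not in SEVERITY_ORDER is forwarded rather than dropped, so a renamed or
    new level cannot silently suppress paging.
    """
    if severity_name not in SEVERITY_ORDER:
        return True
    return SEVERITY_ORDER.index(severity_name) > SEVERITY_ORDER.index(threshold)


def is_https(url):
    """The webhook URL carries the alert source key, so it must only travel over TLS."""
    return urlsplit(url).scheme == "https"


def sample_detection(severity_name="High"):
    """Constructed test payload; a real 'ALL data' payload carries far more fields."""
    return {
        "detection_id": "ldt:test-0000",            # constructed value
        "severity_name": severity_name,
        "hostname": "WS-TEST-01",                    # constructed value
        "tactic": "Execution",
        "technique": "PowerShell",
        "cmdline": "powershell.exe -NoProfile -Command whoami",  # constructed value
    }


def build_request(webhook_url, detection):
    """Build the POST that CrowdStrike's 'Call webhook' action would send."""
    if not is_https(webhook_url):
        raise ValueError("refusing to send the alert source key over a non-HTTPS URL")
    body = json.dumps(detection).encode("utf-8")
    return urllib.request.Request(
        webhook_url,
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def send(webhook_url, detection, timeout=10):
    """POST the detection to the alert source and return the HTTP status code."""
    req = build_request(webhook_url, detection)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Keep the URL out of the script and out of version control: it is a credential.
    url = os.environ["ILERT_CROWDSTRIKE_WEBHOOK_URL"]  # assumed variable name
    det = sample_detection("High")
    if passes_threshold(det["severity_name"]):
        print("ilert responded with HTTP", send(url, det))
    else:
        print("detection below threshold, not forwarded")
```

Run it with the webhook URL exported in the environment; a 2xx response means ilert accepted the event and a new alert should appear on the CrowdStrike alert source. Run it again with `sample_detection("Medium")` to confirm that the threshold logic drops the event without sending, matching what the workflow condition does on the CrowdStrike side.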

