Hi,
We want to integrate CrowdStrike for EDR with Netskope using the link- “https://docs.netskope.com/en/integrating-crowdstrike-for-edr/#integrating-crowdstrike-for-edr-1”
As per the document I understand that Netskope pushes the malware hash file to CrowdStrike, endpoints are checked to see if that malware hash file exists. If so, Netskope retrieves the identity of the endpoints and captures the details in a Skope IT alert. If no endpoints have the malware hash file, Netskope publishes the Indicators of Compromise IOC into CrowdStrike’s Custom IOC repository.
But I have few questions here as- 1. When NS pushes malware hash file to CS, if there is any active detection occurs we will get alert on NS under remediation alert type. But will we get the detection alert on CS for the same?
For this same scenario, when we are getting the remediation alert on NS, it will be block from NS. But will it be block from CS also and in this case will it be added under IOC of CS?