
    CrowdStrike Delivers the Next Generation of SIEM to Power the AI-Native SOC

    Generative AI and Workflow Automation:

    • Charlotte AI for all Falcon Data: Charlotte AI, CrowdStrike’s Generative AI security analyst, which transforms every user into a power user, is now available for all Falcon data in Next-Gen SIEM. Analysts can ask any question of Falcon data in the Falcon platform, as well as of product documentation or Knowledge Bases, in plain language and get an answer back in seconds.
    • Investigate with Charlotte AI: Transforms the speed and efficiency of investigations by automatically correlating all related context into a single incident and generating an LLM-powered incident summary that security analysts of all skill levels can understand.
    • New GenAI Promptbooks: New out-of-the-box promptbooks drive the most common analyst workflows across detection, investigation, hunting, and response with velocity. Teams can further define custom prompts to standardize and re-use specific detection and response workflows to go from incident to action with greater speed and efficiency.
    • Native SIEM and SOAR Integration: Falcon Fusion SOAR provides a newly modernized UI with a drag-and-drop experience for creating playbooks and workflows, accelerating detection, investigation, and response. Falcon Next-Gen SIEM includes a growing library of integrations and actions to automate critical security and IT use cases across siloed teams and tools.
    • Automated Investigations and Threat Hunting: Falcon Fusion SOAR brings workflow automation to threat investigation and hunting. Analysts can automatically query all data in Falcon Next-Gen SIEM and close the loop by visualizing the results or orchestrating action across Falcon and third-party tools.

    Rapid Data Ingestion to Consolidate Detection and Response:

    • Expanded Data Ecosystem: Falcon Next-Gen SIEM includes new and updated connectors to consolidate third-party IT and security data into the unified Falcon platform.
    • New Cloud Connectors: Includes comprehensive connectors for AWS, Azure, and GCP. AWS coverage includes all key cloud services such as GuardDuty, Security Hub, and S3 Access Logs. Azure connectors include Microsoft Defender for Cloud and Microsoft Exchange Online.
    • Automated Data Normalization on a Common Standard: Data onboarding is streamlined and made easy with new parsers. Automated normalization of third-party data on the new CrowdStrike Parsing Standard creates a common understanding that drives rapid, accurate detection and response across all data sources.
    • Automated SIEM Data On-boarding: New data management capabilities make it easy to understand the health, volume, and status of data ingestion, as well as manage and edit custom parsers to easily bring in new data sources, including on-premises log collectors.

    A Modern Analyst Experience with Incident Workbench Innovations:







    Business Wire (English)

    RSA Conference 2024 - CrowdStrike (NASDAQ: CRWD) today announced new CrowdStrike Falcon Next-Gen SIEM innovations to liberate customers from the constraints of legacy SIEM products and power the AI-Native SOC. To accelerate SOC transformation, all …
