Falcon Intelligence APIs are divided into four key subfunctions, defined below. Standard subscribers have access to two subfunctions, while Premium subscribers have access to all four. See the descriptions and chart below.
Both Standard and Premium Falcon Intelligence Subscribers have access to the following subfunctions:
- Actors — The Falcon Intelligence Actors API allows subscribers to query and search for specific actors that CrowdStrike is tracking. It is a REST API that operates on a standard request-response model.
- Indicators — The Indicator API allows subscribers to query for indicators found in their environments such as those related to various actors, indicators of a specific confidence level, and those associated with Falcon Intelligence reports. The data can be sorted and filtered to more quickly locate the information you need.
Falcon Intelligence Premium Only
The publications include:
Intelligence Reports (CSIR)
Threat Assessments (CSTA)
Alerts (CSA)
Periodic Reports (CSMR)
Tippers (CSIT)
Tailored Intelligence — This API allows Falcon Intelligence Premium customers to maintain situational awareness on topics of interest. For example, you can track if your company's name is mentioned, or spot new developments with a particular malware family that interests you. This API will return the latest results when there's a match between your watchlist and the various sources monitored by CrowdStrike.
This table shows the APIs available with each level of your Falcon Intelligence subscription:
Intelligence API |
Standard |
Premium |
Actors |
X |
X |
Indicators |
X |
X |
Reports |
|
X |
Tailored Intelligence |
|
X |
Please Note: All Falcon Intelligence APIs are REST APIs that operate on the standard request-response model. Requests are made with HTTPS and request/response data formatted as JSON.