CrowdStrike Falcon Recon
概要
CrowdStrike Falcon Recon imports exposure monitoring alerts (typosquatting, leaked credentials, dark web posts) as OpenCTI Incidents with associated observables.
CrowdStrike Falcon Recon provides real-time notifications about external threats targeting your organization, including typosquatting domains, leaked credentials, dark web posts, and exposed files.
The OpenCTI CrowdStrike Recon connector imports these alerts as Incidents into OpenCTI, with associated observables (domains, emails, URLs, user accounts, malware) and relationships. It supports filtering by topic, notification type, and priority, and includes detailed Markdown reports attached to each Incident.