CrowdStrike Endpoint integration

Rahulkalra
Tera Contributor

Is there any other way to filter the endpoint alerts that come in so that security incidents are only created for certain alert types besides altering the scripts?

Are there alert rules or something we can configure to get this to work without updating the scripting?
Are there rules that can be configured to deduplicate endpoint alerts as well to prevent incidents being created when multiple alerts come in with the same threat/same host?
