
Crowdstrike Endpoint integration

Rahulkalra
Tera Contributor

Is there any other way to filter the endpoint alerts that come in so that security incidents are only created for certain alert types, besides altering the scripts?


Are there alert rules or something we can configure to get this to work without updating the scripting?
Are there rules that can be configured to deduplicate endpoint alerts as well, to prevent incidents being created when multiple alerts come in with the same threat/same host?


bpolo
Tera Guru

Hi there

Just curious, did you ever find a solution to your question:

"Are there rules that can be configured to deduplicate endpoint alerts as well to prevent incidents being created when multiple alerts come in with the same threat/same host?" Thanks!