The CreatorCon Call for Content is officially open! Get started here.

CrowdStrike Falcon Exposure Management – Incorrect 'Last Found' Date on Detections

gatesjj2
Tera Contributor

Hi everyone,


I've recently configured the CrowdStrike Falcon Exposure Management for Vulnerability Response app (x_crowd_vulnerabil) in my ServiceNow instance. The integration is successfully ingesting detection payloads, but I've run into an issue with how the 'Last Found' date is being populated.


Currently, the integration uses the updated_timestamp field from the payload to set the 'Last Found' value. Unfortunately, this timestamp reflects a date from March 2025, which is causing the auto-close rules to incorrectly mark these detections as stale.


When I check the CrowdStrike console directly, I can see that the 'Last Seen' date for these detections is much more recent and accurate. However, this value doesn't appear to be included in the payload being sent to ServiceNow.


Has anyone else experienced this behavior? Is there a recommended way to ensure the 'Last Seen' date from CrowdStrike is captured and mapped correctly to the 'Last Found' field in VR?


Any guidance or suggestions would be greatly appreciated!


Thanks

0 REPLIES 0