CrowdStrike integration


Note: Before implementing this channel integration, contact your Customer Success Manager for FortiMail Workspace Security to make sure that this functionality is included in your current FortiMail Workspace Security license.

About the CrowdStrike integration

FortiMail Workspace Security can be integrated with various products. This page explains the configuration required to integrate FortiMail Workspace Security with CrowdStrike, and describes which steps must be performed by FortiMail Workspace Security Support and which must be performed by you, the customer.

FortiMail Workspace Security is a highlighted CrowdStrike partner. The combination of FortiMail Workspace Security together with CrowdStrike's Falcon Platform provides comprehensive threat detection, remediation, and containment.

How it works

If malware breaches an organization's perimeter, and is detected on an endpoint, it is quite likely that there are already other instances of that malware within the organization, especially when people work in a multi-channel environment.

After the FortiMail Workspace Security-CrowdStrike integration has been configured, the instant the CrowdStrike Falcon Platform detects malicious content on an endpoint, it sends the hash of the malicious file to FortiMail Workspace Security. FortiMail Workspace Security then searches for the hash to see whether there are any matching files inside the organization, across all the collaboration channels that FortiMail Workspace Security is protecting, including email, cloud storage platforms, and EDR tools. Once a file is identified by the Falcon Platform, the organization's SOC team immediately receives an alert, and FortiMail Workspace Security automatically contains the malware, preventing it from spreading. In addition, FortiMail Workspace Security changes the scan verdict associated with the malware to "malware", to prevent the malware from penetrating the organization again.

Note: Malicious files that are detected in CrowdStrike are included in the Events page in FortiMail Workspace Security. For details, see Events.
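The hash-match flow described above can be modelled in a few lines. This is an added illustration, not Fortinet or CrowdStrike code and not either product's API. The names `StoredItem`, `HashSweep`, `on_edr_detection` and `scan` are hypothetical, the hash type is assumed to be SHA-256 (the page does not state it), and the sample items are constructed.

```python
import hashlib
import re
from dataclasses import dataclass

SHA256_RE = re.compile(r"[0-9a-f]{64}")  # assumption: EDR reports SHA-256 hex

@dataclass
class StoredItem:            # hypothetical record for one file seen in a channel
    channel: str             # e.g. "email", "cloud_storage"
    item_id: str
    content: bytes
    verdict: str = "clean"
    contained: bool = False

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class HashSweep:
    def __init__(self, items):
        self.blocklist = set()   # hashes reported by the EDR
        self.events = []         # (hash, channel, item_id) records for the SOC
        self.index = {}          # hash -> every stored item with that content
        for item in items:
            self.index.setdefault(sha256_hex(item.content), []).append(item)

    def on_edr_detection(self, reported_hash: str):
        """Sweep all channels for one reported hash; return contained items."""
        h = reported_hash.strip().lower()          # tolerate case and whitespace
        if not SHA256_RE.fullmatch(h):
            raise ValueError("not a SHA-256 hex digest")
        self.blocklist.add(h)    # remembered even when nothing matches today
        matches = self.index.get(h, [])
        for item in matches:
            item.verdict, item.contained = "malware", True
            self.events.append((h, item.channel, item.item_id))
        return matches

    def scan(self, content: bytes) -> str:
        """Verdict for content arriving after the detection."""
        return "malware" if sha256_hex(content) in self.blocklist else "clean"

PAYLOAD = b"constructed sample payload"   # constructed, harmless bytes

def make_items():            # same payload stored in two different channels
    return [StoredItem("email", "msg-001", PAYLOAD),
            StoredItem("cloud_storage", "file-17", PAYLOAD),
            StoredItem("email", "msg-002", b"quarterly report")]

if __name__ == "__main__":
    print(HashSweep(make_items()).on_edr_detection(sha256_hex(PAYLOAD)))
```

Because the reported hash goes onto the blocklist before the lookup, a later copy of the same file gets the "malware" verdict even if no stored copy existed when the endpoint detection arrived.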

The FortiMail Workspace Security-CrowdStrike integration procedure

Perform the 3-step procedure below to integrate FortiMail Workspace Security with CrowdStrike.

Steps

Step 1 - Installing the CrowdStrike-FortiMail Workspace Security app

Step 2 - Activating the FortiMail Workspace Security-CrowdStrike integration

Step 3 - Configuring the FortiMail Workspace Security-CrowdStrike integration

Step 1: Installing the CrowdStrike-FortiMail Workspace Security app

This step installs the CrowdStrike-FortiMail Workspace Security app.

  1. Install the Perception Point X‑Ray app from the CrowdStrike store.

    Click Start free trial to begin the process.

    FortiMail Workspace Security Support will convert the installation from Free Trial to Purchased during Step 2 below.

  2. When the CrowdStrike-FortiMail Workspace Security app is installed, continue with Step 2 below.

Step 2: Activating the FortiMail Workspace Security-CrowdStrike integration

  1. In FortiMail Workspace Security, in the left navigation menu, select Settings > Bundles and Channels.

  2. Under Assigned Bundles, make sure that at least one bundle is assigned that includes the CrowdStrike channel.

    Note:

    • If a bundle that includes the CrowdStrike channel is assigned, then CrowdStrike will appear in the list of channels under Enabled Channels.

    • You can click Bundles Settings, which is located on the right of each Assigned Bundle, to see which channels are included in a bundle.

  3. Under Enabled Channels, locate "CrowdStrike" and then click "Activate" located on the right.

Step 3: Configuring the FortiMail Workspace Security-CrowdStrike integration

This step configures the CrowdStrike integration with FortiMail Workspace Security.

  • This step must be performed by FortiMail Workspace Security Support.

  • FortiMail Workspace Security Support can perform this step only after Step 2 above has been completed.

  • After you have completed Step 2 above, contact FortiMail Workspace Security Support [support@perception-point.io] and ask them to perform Step 3 - Configuring the FortiMail Workspace Security-CrowdStrike integration.

    You can include the text template below in your email:

    Subject: Configuring the CrowdStrike integration - Step 3

    Auto-email

    Hi Perception Point Support Team,

    Organization name: <Your organization name> as it appears in FortiMail Workspace Security

    We are performing the integration with CrowdStrike.

    We have completed Step 2 - Activating the FortiMail Workspace Security-CrowdStrike integration.

    Please can you perform Step 3 - Configuring the FortiMail Workspace Security-CrowdStrike integration.

    [Internal Reference: 1150]

    Please let us know when this has been done.

    Thank you

  • FortiMail Workspace Security Support will inform you when Step 3 has been completed. When Step 3 has been completed, the CrowdStrike integration will be active.

  • Make sure that CrowdStrike now appears as "Active" under Settings > Bundles and Channels > Enabled Channels.

Flow chart diagram