{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/integration/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["siem","edr","integration","microsoft-defender"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCrowdStrike is expanding its Falcon Next-Gen SIEM to incorporate third-party EDR solutions, starting with Microsoft Defender. This integration aims to allow organizations to modernize their SOC without replacing existing endpoint agents, addressing the issue of fragmented security systems. Modern attacks exploit gaps across endpoint, identity, network, and cloud environments, forcing security teams to investigate across disparate systems. Falcon Next-Gen SIEM combines index-free search, AI-driven threat detection, and automation across diverse environments to provide a data-agnostic approach to SOC transformation, improving detection and response times. By integrating Microsoft Defender telemetry, Falcon Next-Gen SIEM unifies detection, investigation, and response within a single console.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eThis threat brief focuses on the integration of security tools rather than a specific attack chain. However, the value of the integration lies in defending against a variety of attack chains; a generalized example follows:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eInitial Access: An attacker gains initial access through methods such as phishing or exploiting a vulnerability. (T1566, T1190)\u003c/li\u003e\n\u003cli\u003eExecution: The attacker executes malicious code on the endpoint. (T1059)\u003c/li\u003e\n\u003cli\u003ePersistence: The attacker establishes persistence to maintain access to the compromised system. (T1547)\u003c/li\u003e\n\u003cli\u003eLateral Movement: The attacker moves laterally within the network to access additional systems. (T1021)\u003c/li\u003e\n\u003cli\u003eCredential Access: The attacker attempts to steal credentials to escalate privileges and access sensitive data. (T1003)\u003c/li\u003e\n\u003cli\u003eData Exfiltration: The attacker exfiltrates sensitive data from the compromised systems. (T1041)\u003c/li\u003e\n\u003cli\u003eImpact: The attacker achieves their objective, such as data theft, system disruption, or ransomware deployment. (T1486)\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe integration of Microsoft Defender with CrowdStrike Falcon Next-Gen SIEM aims to reduce the impact of successful attacks. Without unified detection, organizations may experience delayed detection, slower response times, increased operational costs, and potential data breaches. The number of potential victims and sectors targeted is broad, as this integration applies to any organization using both Microsoft Defender and CrowdStrike. Success of an attack despite these tools leads to data breaches, financial losses, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune them for your environment to detect suspicious processes indicative of post-exploitation activity.\u003c/li\u003e\n\u003cli\u003eInvestigate systems generating process creation events flagged by the rules in this brief (process_creation logging).\u003c/li\u003e\n\u003cli\u003eReview Falcon Onum settings to ensure proper filtering and routing of Microsoft Defender telemetry to optimize data fidelity and reduce storage costs (Falcon Onum documentation).\u003c/li\u003e\n\u003cli\u003eUtilize federated search capabilities to investigate across live, network, and archived data sources, including Falcon LogScale, ExtraHop, and Amazon S3 (Falcon Next-Gen SIEM documentation).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-28T22:14:01Z","date_published":"2026-03-28T22:14:01Z","id":"/briefs/2026-04-falcon-siem-microsoft-defender/","summary":"CrowdStrike's Falcon Next-Gen SIEM expands to support third-party EDR solutions, beginning with Microsoft Defender, to unify detection, investigation, and response without requiring the Falcon sensor and modernize security operations.","title":"CrowdStrike Falcon SIEM Integration with Microsoft Defender","url":"https://feed.craftedsignal.io/briefs/2026-04-falcon-siem-microsoft-defender/"}],"language":"en","title":"CraftedSignal Threat Feed — Integration","version":"https://jsonfeed.org/version/1.1"}