<p align="center"> CrowdStrike Falcon Orchestrator is an extendable Windows-based application that provides workflow automation, case management and security response functionality. The tool leverages the highly extensible APIs contained within the CrowdStrike Falcon Connect program. </p>

Video Demonstration

Check out the following video on YouTube for a project overview and demonstration of Falcon Orchestrator.

Support

As an open source project this software is not officially supported by CrowdStrike. As such we ask that you please refrain from sending inquiries to the CrowdStrike support team. The project maintainers will be working with active community contributors to address bugs and supply new features. If you have identified a bug please submit an issue through GitHub by following the contribution guidelines. You can also post questions or start conversations on the project through our community forums page.

Getting Started

Please refer to the Wiki page for instructions on installing and configuring the application. You can download the installer through the release page.

Development

Being a Windows-based application, the tool was developed with .NET 4.5, C#, ASP.NET MVC 4, Entity Framework and PowerShell. If forking or cloning the repository, please note the code was written with Visual Studio 2015. Compatibility with earlier Visual Studio versions can be problematic. You can either rebuild projects individually and copy the compiled DLL/EXE to the required location, or alternatively recompile the installer project to produce a new MSI package with your code changes. To do this, open a Visual Studio command prompt, change directories to the FalconOrchestrator.Installer project and execute the command:

    msbuild /t:Build;PublishWebSite;Harvest;WIX setup.build

Third Party Libraries

The following external libraries are used within the project. These are not provided via the GitHub repository; if building from source, you will need to right-click on the solution file in Visual Studio and select Restore NuGet Packages.

Project Structure

The solution is composed of 7 projects/modules, each providing specific functionality to the overall application. Each project name is prefixed with FalconOrchestrator.

| Name | Type | Description |
| --- | --- | --- |
| Client | Windows Service | This is an ETL service that is responsible for connecting to the Falcon Host Streaming API, consuming detection events and executing the configured workflow logic against those events. |
| DAL | Class Library | Centralized library using Entity Framework for common database access related tasks |
| Installer | Setup Project | WIX project used to build full application into an MSI installer for simplified deployment. |
| LDAP | Class Library | Centralized library for performing activity related to Active Directory integration. |
| Forensics | Class Library | Centralized library that manages PowerShell's Remoting calls to execute pre-defined actions. |
| IOC | Class Library | Library managing calls to and from the Falcon Host Management API for indicators. |
| Web | ASP.NET Web Application | MVC based web application to provide user interface for interacting with the system. |

Contribution

Contribution is key to the success of any open source project. As such, we highly recommend you get involved and help us to make the tool better for everyone! For guidelines on contributing, refer to CONTRIBUTING.md.

License

All code in this repository (unless otherwise specified in the source file) is licensed under the Affero GPLv3 license.

Refer to LICENSE.md for more information.