Suppressing alerts in CrowdStrike

1. Download the following two .yaml files:

  • Prelude Alert Suppression_1.yaml
  • Prelude Alert Suppression_2.yaml
2. In the CrowdStrike Console, navigate to "Fusion SOAR" and select "Workflows"
3. Select "Create Workflow", then choose "Import Workflow"
4. Select "Upload Workflow file" and import the two files downloaded in step 1
5. Change the last sleep in the second workflow (Prelude Alert Suppression_2) to an alerting action such as "Send Email" or "Send Slack" (see screenshot below). This ensures that you are notified of any non-Prelude alerts.