Falcon Endpoint Security (EDR/NGAV)
Overview
Superna Data Security Edition + CrowdStrike Falcon automates endpoint containment the moment malicious activity is detected at the data layer. The result is coordinated response across storage and EDR with reduced blast radius, lower MTTR, and fewer manual steps.
We’ll install and validate this integration for you at no charge so you can see value fast. Next step: use Book a setup call at the top of this page.
See CrowdStrike integration landing page
What You Get
- Automated host containment from storage-layer detections, with no manual switching between the storage console and the Falcon console.
- Lower MTTR & reduced blast radius by cutting off compromised hosts fast.
- Clear incident context (actor, IPs, affected paths/files) to accelerate triage.
- Works with your SOC toolchain via Superna’s Zero-Trust API and webhooks.
Demo Video
How It Works
- Detect – Superna Data Security Edition identifies a critical threat (e.g., ransomware patterns, mass delete).
- Trigger – Superna's webhook posts the event details (severity, user, source IP, affected paths) to a lightweight integration endpoint.
- Contain – The endpoint looks up the device(s) matching the event in Falcon and calls the Falcon API to network-contain them.
- Confirm & Collaborate – Containment status is visible in Falcon; SOC proceeds with host remediation.
Components
- Superna Data Security Edition — Detects threat behavior at the storage/data layer and emits a webhook.
- Integration Service — Lightweight service on the Eyeglass VM that translates webhooks to CrowdStrike API calls.
- CrowdStrike Falcon — Executes host containment and exposes status in Host Management.
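The following is an added, illustrative sketch of the Trigger and Contain steps and of the Integration Service role, not Superna's own Integration Service code. The Superna webhook field names (`severity`, `type`, `user`, `source_ip`, `paths`) and the HMAC signature header are assumptions, since the page does not show the webhook schema. The Falcon side uses CrowdStrike's documented OAuth2 client-credentials token endpoint, the device query endpoint with an FQL filter, and the devices-actions endpoint with `action_name=contain`; the sample event, secret and `FakeFalcon` stand-in are constructed so the handler can be exercised offline.

```python
"""Superna webhook -> CrowdStrike Falcon containment translator (added example, not Superna's code)."""
import hashlib
import hmac
import ipaddress
import json
import urllib.parse
import urllib.request
from typing import Protocol

# Assumed policy: only these storage-layer detections trigger automatic containment.
ACTIONABLE = {("critical", "ransomware"), ("critical", "mass_delete")}


class FalconApi(Protocol):
    def device_ids_for_ip(self, ip: str) -> list[str]: ...
    def contain(self, device_ids: list[str]) -> dict: ...


class HttpFalconApi:
    """Real client against the documented Falcon endpoints. base_url is the US-1 host;
    other Falcon clouds use different hosts. Needs an API client with Hosts read/write scope."""

    def __init__(self, client_id: str, client_secret: str,
                 base_url: str = "https://api.crowdstrike.com") -> None:
        self.client_id, self.client_secret, self.base_url = client_id, client_secret, base_url
        self._token = ""

    def _request(self, method, path, query=None, body=None, headers=None) -> dict:
        url = self.base_url + path + ("?" + urllib.parse.urlencode(query) if query else "")
        req = urllib.request.Request(url, data=body, method=method, headers=headers or {})
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)

    def _auth_headers(self) -> dict:
        if not self._token:  # OAuth2 client-credentials grant; token is short-lived in practice
            form = urllib.parse.urlencode(
                {"client_id": self.client_id, "client_secret": self.client_secret}).encode()
            data = self._request("POST", "/oauth2/token", body=form,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
            self._token = data["access_token"]
        return {"Authorization": f"Bearer {self._token}", "Content-Type": "application/json"}

    def device_ids_for_ip(self, ip: str) -> list[str]:
        data = self._request("GET", "/devices/queries/devices/v1",
                             {"filter": f"local_ip:'{ip}'"}, headers=self._auth_headers())
        return data.get("resources", [])

    def contain(self, device_ids: list[str]) -> dict:
        return self._request("POST", "/devices/entities/devices-actions/v2",
                             {"action_name": "contain"},
                             json.dumps({"ids": device_ids}).encode(), self._auth_headers())


def verify_signature(secret: bytes, raw_body: bytes, signature_hex: str) -> bool:
    """Assumed scheme: HMAC-SHA256 over the raw body, compared in constant time."""
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_hex)


def handle_webhook(raw_body: bytes, signature_hex: str, secret: bytes, falcon: FalconApi) -> dict:
    """Translate one Superna event into at most one Falcon containment call."""
    if not verify_signature(secret, raw_body, signature_hex):
        return {"action": "rejected", "reason": "bad signature"}
    event = json.loads(raw_body)
    if (event.get("severity"), event.get("type")) not in ACTIONABLE:
        return {"action": "ignored", "reason": "below containment threshold"}
    try:  # validate before interpolating into the FQL filter; never pass raw webhook text through
        ip = str(ipaddress.ip_address(event.get("source_ip", "")))
    except ValueError:
        return {"action": "ignored", "reason": "no valid source IP"}
    ids = falcon.device_ids_for_ip(ip)
    if len(ids) != 1:
        # No match, or several hosts share the IP (NAT/DHCP churn): hand to the SOC instead.
        return {"action": "manual", "reason": f"{len(ids)} hosts match {ip}", "device_ids": ids}
    result = falcon.contain(ids)
    return {"action": "contained", "device_ids": ids, "user": event.get("user"),
            "paths": event.get("paths", []), "falcon": result}


class FakeFalcon:
    """Constructed stand-in so the handler runs offline; records what it was asked to contain."""
    def __init__(self, ip_table: dict) -> None:
        self.ip_table, self.contained = ip_table, []
    def device_ids_for_ip(self, ip: str) -> list[str]:
        return self.ip_table.get(ip, [])
    def contain(self, device_ids: list[str]) -> dict:
        self.contained.extend(device_ids)
        return {"resources": [{"id": d} for d in device_ids], "errors": []}


SECRET = b"shared-webhook-secret"  # constructed
SAMPLE_EVENT = json.dumps({"severity": "critical", "type": "ransomware",  # constructed event
                           "user": "CORP\\jdoe", "source_ip": "10.20.30.40",
                           "paths": ["/ifs/data/finance/"]}).encode()


def sign(secret: bytes, body: bytes) -> str:
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    falcon = FakeFalcon({"10.20.30.40": ["aid-1111"], "10.20.30.41": ["aid-2", "aid-3"]})
    print(handle_webhook(SAMPLE_EVENT, sign(SECRET, SAMPLE_EVENT), SECRET, falcon))
```

Two design points worth keeping in a real deployment: the IP is parsed with `ipaddress` before it is placed in the FQL filter, so a crafted webhook body cannot widen the device query, and an IP that matches zero or several hosts is escalated rather than contained, because containing every host behind a shared address is exactly the kind of blast-radius mistake the integration is meant to avoid.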
Architecture / Flow
FAQs
Does this change how AD lockouts work?
No. Falcon containment is in addition to any Superna lockout actions you already use.
Will containment hit performance?
The API calls are lightweight. The only impactful action is Falcon's network containment of the host, which blocks the host's network traffic except to the Falcon cloud and any addresses on your containment allowlist. That is the intended effect, and your SOC decides when to lift it from Host Management.
Can we pilot in a lab first?
Yes. We recommend starting with a non-production endpoint: trigger a test detection, confirm the host shows as contained in Falcon Host Management, then lift containment from Falcon before widening the scope.
What’s required from our side?
A CrowdStrike API client (client ID and secret) in your Falcon tenant with read and write access to Hosts, so the integration can look up devices and issue the contain action. We'll guide you.