Multi-Cloud Visibility
Aggregate posture findings across AWS, Azure, GCP, and OCI accounts.
Secure the Cloud
Cloud environments expand your attack surface across providers, regions, and services. CrowdStrike gives you APIs for cloud security posture management (CSPM), container image scanning, Kubernetes workload protection, and cloud account registration - plus AI tooling and custom app development for building unified visibility across your cloud estate.
Container Scanning
Scan container images for vulnerabilities before deployment in your CI/CD pipeline.
Kubernetes Monitoring
Track workload compliance and detect runtime threats in Kubernetes clusters.
Account Onboarding
Register new cloud accounts and enable CSPM scanning automatically.
Compliance Mapping
Map cloud misconfigurations to regulatory frameworks and security benchmarks.
Configuration as Code
Register cloud accounts and deploy sensors declaratively with Terraform modules and the CrowdStrike provider.
API Service Collections
Section titled “API Service Collections”Cloud & Container Security
Section titled “Cloud & Container Security”The core APIs for managing cloud security across all major providers.
- Cloud Security - Unified cloud security operations across providers.
- CSPM Registration - Register and manage cloud accounts (AWS, Azure, GCP) for posture assessment.
- Cloud Security Assets - Query cloud resources and their security posture.
- Cloud Security Compliance - Assess compliance against security benchmarks and frameworks.
- Cloud Security Detections - Monitor and manage detections specific to cloud workloads.
- Cloud AWS Registration - AWS-specific account registration and configuration.
- Cloud Azure Registration - Azure-specific subscription registration.
- Cloud GCP Registration - GCP-specific project registration.
- Cloud OCI Registration - Oracle Cloud Infrastructure registration.
- Cloud Snapshots - Manage cloud snapshot scanning for dormant workloads.
- Cloud Policies - Configure cloud security policies and benchmarks.
Container Security
Section titled “Container Security”- Container Images - Scan and assess container images for vulnerabilities and misconfigurations.
- Container Vulnerabilities - Query vulnerability findings in container images.
- Container Alerts - Monitor security alerts from containerized workloads.
- Container Detections - Access detections specific to container runtime.
- Falcon Container - Manage the Falcon Container sensor deployment.
- Kubernetes Protection - Monitor Kubernetes clusters, namespaces, and pod security.
- Unidentified Containers - Discover containers running without Falcon protection.
Developer Resources
Section titled “Developer Resources”Falcon Foundry
Section titled “Falcon Foundry”The Anomali ThreatStream sample demonstrates connecting third-party threat intelligence to Falcon - a pattern you can adapt for cloud-specific threat feeds. Fusion SOAR workflows can automate cloud account onboarding and remediation of CSPM findings.
Falcon MCP
Section titled “Falcon MCP”The Falcon MCP gives AI assistants access to your cloud security data:
- Cloud module - query CSPM assets, search cloud security findings, and monitor container images
- Discover module - search cloud-connected assets and identify unmanaged resources
Ask “which AWS accounts have critical CSPM findings” or “show me container images with high vulnerabilities” through Claude Desktop, VS Code, or Gemini CLI.
Falcon Next-Gen SIEM
Section titled “Falcon Next-Gen SIEM”Cloud providers generate massive volumes of logs - CloudTrail, Activity Logs, Audit Logs - that need parsing before they’re searchable. The Parser Template includes a working AWS CloudTrail parser you can use as a starting point. The Module Guidelines list standardized module names for AWS, Azure, GCP, and dozens of other cloud vendors.
Configuration as Code
Section titled “Configuration as Code”Automate cloud account registration and sensor deployment declaratively instead of scripting API calls.
Terraform Modules:
- AWS Cloud Registration — Register AWS accounts with Falcon Cloud Security (asset inventory, RTVD, DSPM, agentless scanning)
- Azure Cloud Registration — Register Azure tenants and subscriptions with service principals and log ingestion
- GCP Cloud Registration — Register GCP organizations, folders, and projects with Workload Identity Federation
- OCI Cloud Registration — Register Oracle Cloud Infrastructure
- Kubernetes — Deploy Falcon Sensor, Admission Controller, and Image Analyzer to K8s and OpenShift clusters
Terraform Provider:
The CrowdStrike Terraform provider manages cloud security resources directly — AWS/Azure/GCP account registration, KAC policies, custom security rules, compliance frameworks, and suppression rules as declarative configuration.
Ansible:
The falcon_install role deploys Falcon sensors to cloud compute instances across Linux, macOS, and Windows via Ansible playbooks.