Falcon Foundry Samples
Build on the Falcon platform with these open-source Foundry samples. Each project demonstrates real-world patterns — from RTR automation to third-party API integration — and can be cloned, customized, and deployed to your own environment.
Featured Samples
Section titled “Featured Samples”Rapid Response
Patch, upload, and remove files from hosts using RTR scripts, Fusion SOAR workflows, and Foundry UI extensions.
MITRE ATT&CK Triage
Provides a MITRE-prioritized view of XDR detections for faster triage and investigation workflows.
Scalable RTR
Orchestrate file and registry verification across Windows endpoints at scale with automated RTR workflows.
All Foundry Samples
Section titled “All Foundry Samples”| Repository | Category | Description |
|---|---|---|
| foundry-sample-rapid-response | Endpoint Security | Patch, upload, and remove files from hosts via RTR, SOAR, and UI extensions |
| foundry-sample-mitre | Detection Triage | MITRE ATT&CK-prioritized XDR detection triage view |
| foundry-sample-scalable-rtr | Endpoint Security | Scalable file and registry verification across Windows |
| foundry-sample-anomali-threatstream | Threat Intelligence | Anomali ThreatStream sample Foundry app |
| foundry-sample-category-blocking | Endpoint Security | Category-based blocking rules for endpoint protection |
| foundry-sample-charlotte-toolkit | AI Security | Charlotte Toolkit sample Foundry app |
| foundry-sample-collections-toolkit | Developer Reference | Collections management toolkit and reference implementation |
| foundry-sample-logscale | Data Integration | Custom data ingestion to LogScale sample Foundry app |
| foundry-sample-servicenow-itsm | IT Integration | ServiceNow ITSM and SIR sample Foundry app |
| foundry-sample-zscaler-internet-access | Network Security | Zscaler Internet Access sample Foundry app |
| foundry-sample-insider-risk-workday | Identity | Insider Risk Workday sample Foundry app |
| foundry-sample-insider-risk-sailpoint | Identity | Insider Risk SailPoint sample Foundry app |
| foundry-sample-detection-translation | Detection Triage | Detection translation and context sample Foundry app |
| foundry-sample-foundryjs-demo | Developer Reference | Foundry-JS Demo sample Foundry app |
| foundry-sample-functions-python | Developer Reference | Functions with Python sample Foundry app |
| foundry-sample-idp-notifications | Identity | Falcon IdP Domain and Connector Monitoring sample Foundry app |
| foundry-sample-ngsiem-importer | Data Integration | Threat Intel Import to NG-SIEM sample Foundry app |
| foundry-sample-openrouter-toolkit | AI Security | OpenRouter Toolkit sample Foundry app |
| foundry-sample-servicenow-idp | Identity | ServiceNow CMDB Ingest For Identity Protection sample Foundry app |
| foundry-sample-threat-intel | Threat Intelligence | Threat Intelligence Detections Enrichment sample Foundry app |
| foundry-sample-template | Developer Reference | Template repo for new Foundry samples |