
Closed
Published
Paid on delivery
I have a mature security stack built around CrowdStrike, Google SecOps (Splunk in some environments), Qualys, and a TIP layer that alternates between OpenCTI and MISP. What I need now is hands-on expertise that ties all of these platforms together:

• Craft high-fidelity detection logic inside CrowdStrike and Google SecOps/Splunk, mapping each rule to MITRE ATT&CK and my own use-case catalogue.
• Proactively hunt in both the EDR and SIEM data to validate those detections, surface hidden threats, and document repeatable hunt queries.
• Integrate threat intelligence feeds into the TIP and push the relevant IOCs, TTPs, and context back down to CrowdStrike and the SIEM so automation can enrich alerts in real time.
• Correlate Qualys vulnerability data with endpoint and log telemetry, turning patch gaps into actionable risk-based alerts.

Access will be provided to a lab first, then to production once new rules and integrations clear testing. I value clear documentation: every detection or integration should come with a description, prerequisites, and rollback steps so the SOC can own it long term. If you have demonstrable experience tuning CrowdStrike, building detections in Splunk or Chronicle, and wiring OpenCTI/MISP to both, I would love to see examples and talk timelines for each milestone.
Project ID: 40339164
5 proposals
Remote project
Active 15 days ago
5 freelancers are bidding on average ₹29.779 INR for this job

Your MITRE ATT&CK mapping requirement caught my attention - that's exactly how detection rules should be structured for long-term SOC ownership. I'll build custom detection logic in CrowdStrike and Google SecOps that correlates with your Qualys vulnerability data, then automate IOC feeds from OpenCTI/MISP into both platforms. Each rule comes with clear documentation including rollback procedures. My Telegram operations bot handles similar multi-platform integration challenges, pulling data from various APIs and triggering automated responses. I've also built automation systems that manage complex workflows across multiple services, which translates well to security stack orchestration. You can see my integration work at ffulb.com. Need access to your CrowdStrike, Google SecOps, Qualys, and TIP platform credentials to assess the current setup and start building the detection framework. Can begin immediately once I take a look at your environment to confirm the integration approach.
₹46.896 INR in 10 days
3,0

Hi, I can help you unify and operationalize your security stack across CrowdStrike, Google SecOps/Splunk, Qualys, and OpenCTI/MISP.

✔ High-fidelity detections mapped to MITRE ATT&CK
✔ Threat hunting in EDR + SIEM with reusable queries
✔ TIP integration (IOC/TTP enrichment → SIEM & CrowdStrike)
✔ Risk-based alerting by correlating Qualys + telemetry
✔ Clean documentation with rollback & SOC-ready handover

I focus on practical, production-ready detections and automation that reduce noise and improve response speed. Happy to share approach and timelines—ready to start with your lab environment.
₹32.000 INR in 7 days
1,4

₹25.000 INR in 7 days
0,0

Hello, I’m very interested in this project. My focus is on connecting security platforms into a usable SOC workflow, not just configuring them in isolation. I can help build and tune high-fidelity detections in CrowdStrike and Google SecOps / Splunk, map them to MITRE ATT&CK and your internal use cases, validate them through proactive hunting, integrate OpenCTI / MISP intelligence for alert enrichment, and correlate Qualys vulnerability data with endpoint/log telemetry for risk-based alerting. I’m comfortable working lab-first before promotion to production, and I strongly value clean documentation. Each detection or integration should include description, prerequisites, testing notes, and rollback steps so the SOC can own it long term. I’d suggest a milestone-based rollout covering discovery, detection engineering, hunt validation, TIP integration, Qualys correlation, and final handoff. I can start quickly and would be happy to discuss scope and timeline for each phase. Best regards, Bhumi Patel
₹20.000 INR in 7 days
0,0

Pune, India
Member since Mar. 31, 2026