Skip to content

BP-2641: Crowdstrike Falcon for IT#323

Open
jeff-matthews wants to merge 7 commits into
mainfrom
BP-2641-crowdstrike-integration
Open

BP-2641: Crowdstrike Falcon for IT#323
jeff-matthews wants to merge 7 commits into
mainfrom
BP-2641-crowdstrike-integration

Conversation

@jeff-matthews

@jeff-matthews jeff-matthews commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Vendor-provided docs for the Crowdstrike Falcon for IT integration converted to BloodHound docs.

Staging

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features
    • Added documentation for the CrowdStrike Falcon for IT integration, including setup, configuration of live queries, and verification of ingested results.
    • Added a new “Falcon for IT” page describing how to run and validate the workflow and review related dashboards.
    • Updated the documentation site’s navigation and supported integrations overview to include CrowdStrike “Falcon for IT,” with direct links.

@jeff-matthews jeff-matthews self-assigned this Jun 24, 2026
@jeff-matthews jeff-matthews added the integrations Docs related to integrations with third-party platforms label Jun 24, 2026
@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@jeff-matthews, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 13 minutes and 49 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2cc100b4-9958-4642-ab1d-a6e2b5a5a9db

📥 Commits

Reviewing files that changed from the base of the PR and between 044bb1f and d447cd6.

⛔ Files ignored due to path filters (15)
  • docs/images/integrations/crowdstrike/falcon-for-it/add-filters.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/app-catalog.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/event-logs-queries.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/event-logs-upload.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/execute-now.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/file-ingest.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/installation-success.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/query-input.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/run-live-query.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/schedule-query.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/validate-and-save.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/verify-telemetry.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/view-workflow-run.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/workflow-action-menu.png is excluded by !**/*.png
  • docs/images/integrations/crowdstrike/falcon-for-it/workflows.png is excluded by !**/*.png
📒 Files selected for processing (2)
  • docs/integrations/crowdstrike/falcon-for-it/configure.mdx
  • docs/integrations/crowdstrike/falcon-for-it/use.mdx

Walkthrough

Adds CrowdStrike Falcon for IT documentation to BloodHound Enterprise docs: navigation, an overview card, and new configure/use pages covering setup, workflow execution, dashboard checks, and ingestion verification.

Changes

CrowdStrike Falcon for IT Documentation

Layer / File(s) Summary
Navigation registration and overview card
docs/docs.json, docs/integrations/overview.mdx
Adds a CrowdStrike → Falcon for IT group in the API & Integrations navigation tree and inserts a CrowdStrike Falcon for IT supported-integration card in the overview page.
Configuration guide
docs/integrations/crowdstrike/falcon-for-it/configure.mdx
Creates the configure page with the integration overview, prerequisites, Foundry app installation, query setup, result verification, and the next-step link to ingestion validation.
Usage guide
docs/integrations/crowdstrike/falcon-for-it/use.mdx
Creates the use page with workflow overview, manual execution steps, dashboard review guidance, and ingestion verification in Falcon Next-Gen SIEM and BloodHound Enterprise.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • computator
  • Scoubi
  • rtippitt-specterops

Poem

🐇 I hop through the docs with a twinkle and grin,
CrowdStrike paths open where new guides begin.
Configure, then run, and verify the flow,
Through Falcon and BloodHound, the breadcrumbs all glow.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the main change by naming the CrowdStrike Falcon for IT integration being documented.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch BP-2641-crowdstrike-integration

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

integrations Docs related to integrations with third-party platforms

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant