What Changed

New Logic App Playbook solution (v3.0.0) integrating Vaikora AI agent behavioral monitoring with CrowdStrike Falcon Custom IOC management. This is a novel AI security automation approach.

Playbook Logic

The VaikoraToCrowdStrike_Playbook.json implements:

  • Scheduled polling: Queries the Vaikora GET /api/v1/actions API every 6 hours (interval configurable)
  • Risk filtering: Captures actions where risk_level is high or critical, or where is_anomaly is true
  • CrowdStrike integration: Authenticates to CrowdStrike with OAuth2 and pushes Custom IOCs via POST /iocs/entities/indicators/v1

Signal Mapping & IOC Creation

Risk level translation:

  • critical → CrowdStrike severity: critical, action: prevent
  • high → CrowdStrike severity: high, action: detect
  • medium/low → CrowdStrike severity: medium, action: detect

IOC type resolution from Vaikora action fields:

  • ip_address or target_ip → ipv4 IOC
  • url or target_url → url IOC
  • Fallback → domain IOC

Automatic tagging includes vaikora, ai-agent-security, data443 (always), plus conditional tags ai-agent-anomaly and ai-threat-detected.
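The filter and mapping described above, as an added Python example (not the solution's own Logic App JSON): it turns a polled batch of Vaikora actions into CrowdStrike indicator bodies. The sample actions are constructed, the source field for the domain fallback, the conditions attached to the two conditional tags, and the exact request body keys are assumptions.

```python
from __future__ import annotations

# Constructed sample Vaikora actions (not real API output); field names follow
# the summary above, except 'domain', which is assumed for the fallback case.
SAMPLE_ACTIONS = [
    {"action_id": "a-1001", "risk_level": "critical", "is_anomaly": False, "target_ip": "203.0.113.10"},
    {"action_id": "a-1002", "risk_level": "low", "is_anomaly": True, "url": "https://example.net/x"},
    {"action_id": "a-1003", "risk_level": "medium", "is_anomaly": False, "domain": "example.org"},
    {"action_id": "a-1004", "risk_level": "high", "is_anomaly": False, "domain": "example.com"},
]

# Risk level -> (CrowdStrike severity, IOC action); medium/low fall through to the default.
SEVERITY_ACTION = {"critical": ("critical", "prevent"), "high": ("high", "detect")}
DEFAULT_SEVERITY_ACTION = ("medium", "detect")
BASE_TAGS = ["vaikora", "ai-agent-security", "data443"]

def should_forward(action: dict) -> bool:
    """Risk filter: forward high/critical risk, or anything flagged as an anomaly."""
    return action.get("risk_level") in ("high", "critical") or bool(action.get("is_anomaly"))

def resolve_ioc(action: dict) -> tuple[str, str | None]:
    """IOC type resolution: IP fields first, then URL fields, then the domain fallback."""
    ip = action.get("ip_address") or action.get("target_ip")
    if ip:
        return "ipv4", ip
    url = action.get("url") or action.get("target_url")
    if url:
        return "url", url
    return "domain", action.get("domain")  # 'domain' source field is assumed

def to_crowdstrike_ioc(action: dict) -> dict | None:
    """Build one indicator for POST /iocs/entities/indicators/v1, or None if filtered out.
    The tag conditions are assumed; the summary only names the two conditional tags."""
    if not should_forward(action):
        return None
    severity, cs_action = SEVERITY_ACTION.get(action.get("risk_level"), DEFAULT_SEVERITY_ACTION)
    ioc_type, value = resolve_ioc(action)
    if not value:
        return None  # no indicator-worthy field on this action
    tags = BASE_TAGS + (["ai-agent-anomaly"] if action.get("is_anomaly") else [])
    if action.get("risk_level") in ("high", "critical"):
        tags.append("ai-threat-detected")
    return {"type": ioc_type, "value": value, "severity": severity, "action": cs_action,
            "tags": tags, "external_id": f"vaikora-{action['action_id']}"}  # external_id dedups

def build_batch(actions: list[dict]) -> list[dict]:
    """Apply the filter and mapping to a polled batch; the result is what gets posted."""
    return [ioc for ioc in map(to_crowdstrike_ioc, actions) if ioc is not None]
```

Note that a medium-risk action with no anomaly flag is dropped by the filter before the medium severity mapping is ever reached, so that mapping only applies to anomalies.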

Security Impact

This introduces AI-driven threat intelligence sourcing for CrowdStrike deployments. Organizations using Vaikora for AI agent monitoring can now automatically translate behavioral anomalies into Custom IOCs across their endpoint infrastructure (prevent for critical-risk actions, detect otherwise). The external_id field (vaikora-{action_id}) ensures deduplication when the same action is seen across polling cycles.

Publisher: Data443 Risk Mitigation, Inc.

Affected Files

Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Package/testParameters.json
Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Playbooks/Images/playbook-create-basics.png
Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Playbooks/Images/playbook-create-parameters.png
Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Playbooks/Images/playbook-deployed-overview.png
Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Playbooks/Images/playbook-deployed.png
Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Playbooks/Images/playbook-template-detail.png
Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Playbooks/README.md
Solutions/Vaikora-CrowdStrike-ThreatIntelligence/Playbooks/VaikoraToCrowdStrike_Playbook.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_VaikoraCrowdStrike.json, createUiDefinition.json, mainTemplate.json)