Net new ISC Identity Risk SaaS Connectors - CrowdStrike, ProofPoint and Elevate Security Connector in Identity Security Cloud!

We are super excited to announce the roll out of new SailPoint Identity Risk SaaS connectors in Identity Security Cloud - CrowdStrike, ProofPoint and Elevate Security. These SaaS Connectors do not require a Virtual Appliance to run and provide SaaS-SaaS connectivity. These SaaS Connectors have a core capability for bringing risk information for accounts for Identity Protection.

What is the Problem?

There is no such direct connector for CrowdStrike, Proofpoint, and Elevate Security for aggregating the account details along with the risk information.

What is the Solution?

These three Identity Risk SaaS Connectors has following capabilities,

• Aggregation of Accounts
• Single Account Aggregation
• Identity Protection - Aggregating Risk Information

Note -

• CrowdStrike Connector brings the risk information from CrowdStrike Falcon Identity Protection and Proofpoint brings the risk information from Proofpoint Nexus People Risk Explorer (NPRE) module.

What is Identity Protection Capabilities ?

• With the security reports in the particular systems like Microsoft Entra, CrowdStrike, Proofpoint, Elevate Security etc., you can gauge the probability of compromised user accounts in your environment.
• A user flagged for risk is an indicator for a user account that might have been compromised. The risky user represents the probability that a given identity or account is compromised.
• These risks are calculated offline these system’s internal and external threat intelligence sources. Overall, these capabilities is termed as, “Identity Protection”.

Documentation

• Integrating SailPoint with CrowdStrike
• Integrating SailPoint with ProofPoint
• Integrating SailPoint with Elevate Security

NOTE -

• If you are interested to check the Identity Protection Capabilities of Microsoft Entra (SaaS), you can refer Identity Protection - Aggregating Risk Information.
• For VA based Microsoft Entra ID Connector, you can refer Identity Protection - Aggregating Risk Information.

If you have any questions, please reach out to us, and we would be more than happy to help you in all possible ways.

Thanks!

Thank you for this, got the CrowdStrike connector all setup.

One challenge is the correlation of the accounts. Would love to see the ability to use the after account-list command on a SaaS Customizer become available - Account List | SailPoint Developer Community

With that, would be able to properly format the returned values, so that they can directly match up with Identity attribute values. After account-read (single account aggregation) is supported, maybe after account-list (full agg) is coming?

Thank you, @Kurt_Ramsey. That is super-fast. I appreciate your feedback.

For correlation, you can use following attributes as mentioned in Correlation Configuration section.

For this ask, I understand your requirement and the need for supporting after account-list command in the customizer. We are currently evaluating the requirements and will prioritize it in near future. Thanks!