Falcon Orchestrator

What features do you want to see next?


As an open source project we’re looking to members of the community to provide feedback on what we should include next. Share your thoughts with us so we can prioritize and release features that matter most to you!


PDFs explaining what calls to action, supported security appliances/software.
YouTube videos giving highlights of the tool, but also very in-depth videos explaining the features and, more importantly, how to use them.


Have you checked out the Wiki under the GitHub project? There’s a link within there to a YouTube video providing an overview of the project as well. The documentation could use some refinement. Will look to provide more information soon. Thanks for the feedback!


Hey Mr. Burns,

I am currently working with an organization that uses CrowdStrike Falcon Host. I have a question: I am unable to find any documents to help investigate some of the alerts that I see our product triggers, especially with OperationName: “validateEntitlementsHmac” events. Are there documents available for me to reference when I do see these types of alerts? Any and all help is greatly appreciated.


Hey gopmister! Falcon Host specific questions should be directed to our support team (support@crowdstrike.com) for further information. There is documentation accessible through the Falcon Host UI which will outline the different event types in the API. If you have any questions specific to Orchestrator, feel free to post here by starting a new topic. Cheers!


How about the ability to link/add multiple detections to a single ticket in a clear way so that you know which detections are assigned to which ticket ID.

Also it would be nice to be able to bulk edit and assign detections, and to filter them by status or assignee.

An option in forensics where you could execute remote PowerShell commands or scripts would be cool as well.


Perhaps a master installation script that checks for proper versioning, allows for load directories to be configured or changed and installations verified before moving to next steps. This would be for all products required for Orchestrator to work properly. Frustrated with the myriad of products that I had to install and the mistakes made doing so. Still struggling with it. Not sure if this is the best place to interact with CO users? I do not have a strong developer background but most of the customers for this will probably not either. Some of the initial docs are good but not much depth.