Airlock Digital Learning Center

What’s Available on Crowdstrike Marketplace & Top 15 Integrations

Written by The Airlock Digital Team | Jun 30, 2026 4:44:13 PM

What Is the CrowdStrike Marketplace?

The CrowdStrike Marketplace is an online platform where CrowdStrike customers can discover, evaluate, and purchase complementary cybersecurity solutions that integrate with the CrowdStrike Falcon platform. The marketplace is currently focused exclusively on products and integrations built for the Falcon ecosystem, helping organizations extend the value of their existing CrowdStrike investment with compatible, best-of-breed security technologies.

CrowdStrike Falcon customers can discover, try, and buy complementary, best-of-breed security solutions from established market leaders and today’s hottest disruptors. By centralizing a broad range of security offerings in one place, the Marketplace simplifies how security teams enhance their defenses without having to manage disconnected tools or complex vendor relationships. Each listing is reviewed for compatibility with Falcon, helping reduce integration challenges and accelerate deployment.

The Marketplace includes partner applications, API integrations, data connectors, managed services, and solution provider offerings that work seamlessly within the Falcon ecosystem. This allows security teams to quickly identify solutions tailored to specific use cases, such as threat detection, identity protection, cloud security, compliance reporting, and workflow automation.

Useful links:

In this article:

 

Why CrowdStrike Built a Marketplace for the Falcon Ecosystem

Modern threats move quickly across vectors, requiring integrated defenses that can share intelligence and coordinate actions across a wide variety of threats. Marketplaces emerged as a response, offering a single location to browse, purchase, and deploy compatible solutions. This model reduces vendor sprawl, simplifies contract management, and shortens time to value for new investments.

The Falcon platform provides a unified security architecture that acts as an integration backbone for a range of security technologies. Its APIs and modular design enable third-party vendors to build applications and connectors that use Falcon telemetry, detection, and response capabilities. This ensures additional tools do not operate in isolation but instead enhance the overall security posture through tight integration.

By serving as the foundation for the Marketplace, Falcon allows organizations to extend capabilities or duplicating infrastructure. Integrated apps inherit Falcon security context and management workflows, providing a consistent experience for administrators. This backbone approach ensures that each new solution added through the Marketplace strengthens, rather than fragments, security operations.

What’s Available on the CrowdStrike Marketplace? 

Partner Apps That Run Inside the Falcon Console

CrowdStrike Marketplace offers partner applications that integrate directly into the Falcon console, delivering extended capabilities without requiring separate interfaces or installations. These apps use Falcon telemetry and detection capabilities, providing features such as analytics, threat intelligence, and compliance monitoring. By operating within the same management environment, administrators reduce context switching between tools.

These partner applications undergo vetting to ensure they meet CrowdStrike security and integration standards. This process gives customers confidence that the apps will not introduce additional risk or complexity. The ability to deploy and manage these solutions from within the Falcon console simplifies ongoing operations and speeds adoption of new security technologies.

API-Led Integrations and Data Connectors

The Marketplace includes API-led integrations and data connectors that support data sharing and automation across the security stack. These integrations allow organizations to connect Falcon with solutions like application control, SIEM, SOAR, and threat intelligence, enabling real-time data flow and cross-platform coordination. API-driven connectivity reduces manual intervention and supports faster incident response.

Data connectors help break down data silos and provide a broader view of threats across the organization. By using standardized APIs, these connectors ensure Falcon telemetry can be ingested, correlated, and acted on by other platforms. This interoperability supports detection, investigation, and remediation workflows.

Solution Provider and Reseller Private Offers

In addition to public listings, the CrowdStrike Marketplace supports private offers from solution providers and resellers. These offers allow organizations to negotiate custom pricing, bundled solutions, and services tailored to their requirements. Private offers are valuable for enterprises with complex procurement processes or those consolidating spend across multiple vendors.

Working with resellers through the Marketplace helps organizations manage multi-vendor environments. Resellers can provide advisory services, implementation support, and account management. The Marketplace integration of private offers simplifies procurement while maintaining flexibility for enterprise needs.

Featured CrowdStrike Marketplace Vendors and Integrations

Endpoint Security

1. Airlock Digital: Application Control

Airlock Digital Application Control integrates with CrowdStrike Falcon to combine the proactive protection of application allowlisting with the advanced threat detection and response capabilities of CrowdStrike. The integration allows organizations to prevent, detect, and respond to threats across diverse environments, including IT, OT, and cloud infrastructure.  It helps deliver a robust, defense-in-depth security strategy, preventing malicious applications from executing while enabling rapid response to potential threats.

Key features include:

  • Native Integration: Integrate Airlock Digital Application Control with CrowdStrike endpoint detection and response to block and respond to threats seamlessly.
  • Event Correlation: Correlate allowlisting events with CrowdStrike telemetry for deeper insights and a comprehensive view of endpoint activity.
  • Streamlined Agent Management: Allow users to deploy and manage agents seamlessly via the CrowdStrike Falcon console, making rapid implementation of a Deny by Default security posture a reality.
  • Alert Volume: Reduce the volume of alerts by proactively preventing the execution of all untrusted code.
  • Compliance Support: Simplify regulatory adherence with centralized logging and reporting across both platforms.

See Airlock Digital on the Crowdstrike Marketplace

2. NinjaOne Endpoint Management

NinjaOne Endpoint Management integrates with CrowdStrike Falcon to combine endpoint protection with IT management workflows. The integration allows organizations to deploy CrowdStrike Falcon sensors through NinjaOne, monitor endpoint status from centralized dashboards, and streamline threat response activities. It also surfaces CrowdStrike alerts directly in NinjaOne to improve visibility and coordination between IT and security teams.

Key features include:

  • Automatic sensor deployment: Deploy CrowdStrike Falcon sensors to endpoints using NinjaOne installation workflows to simplify onboarding and reduce manual setup tasks.
  • Centralized threat visibility: View CrowdStrike alerts and endpoint status directly within NinjaOne dashboards, including links to affected devices for investigation.
  • Integrated threat notifications: Surface quarantined threat alerts inside NinjaOne and trigger notifications through channels such as Slack, Microsoft Teams, email, SMS, or PagerDuty.
  • Unified endpoint management workflows: Combine endpoint management and security operations in a single interface to streamline incident handling and operational processes.
  • Single-source product access: Access CrowdStrike Falcon products and related licensing through NinjaOne-managed procurement and billing workflows.


Source: NinjaOne

3. Sevco Security Asset Intelligence Platform

Sevco Security Asset Intelligence Platform integrates with CrowdStrike Falcon to improve visibility into endpoint coverage and security tool deployment across enterprise environments. The platform correlates Falcon asset data with information from other security tools to create a centralized inventory of assets, identify coverage gaps, and support compliance and incident response processes.

Key features include:

  • Security coverage gap detection: Identify assets that are missing CrowdStrike Falcon agents or other required security controls to reduce unmanaged exposure.
  • Centralized asset inventory: Correlate endpoint and security telemetry from multiple tools to maintain a unified view of enterprise assets.
  • Security control validation: Validate Falcon deployments and security tool coverage to support compliance reporting and operational audits.
  • Incident response acceleration: Provide visibility into asset states, status changes, and security context to support faster investigations.
  • License usage optimization: Detect unused Falcon licenses and identify opportunities to optimize software utilization and budgeting.


Source: Sevco Security

AI Security

4. Adaptive Security

Adaptive Security provides AI-focused security awareness training and attack simulation capabilities to address AI-powered social engineering threats. The platform helps organizations prepare employees for emerging attack techniques that use generative AI to create more convincing phishing, impersonation, and manipulation campaigns.

Key features include:

  • AI-focused security awareness training: Deliver training programs designed to educate employees about AI-driven social engineering threats and attack techniques.
  • AI attack simulations: Simulate AI-generated phishing and impersonation attacks to test employee readiness and improve security awareness.
  • Social engineering threat protection: Focus on threats involving AI-assisted manipulation, impersonation, and fraudulent communications.
  • Integration with enterprise security ecosystems: Supports integration with platforms and services commonly used in enterprise security environments.
  • Centralized training management: Manage awareness training and simulation activities through a centralized platform.


Source: Adaptive Security

5. Darktrace AI Threat Intelligence

Darktrace integrates with CrowdStrike Falcon to combine endpoint telemetry with Darktrace’s self-learning AI threat detection platform. The platform analyzes behavioral patterns across users, devices, cloud environments, collaboration tools, and networks to identify anomalous activity and potential threats. CrowdStrike endpoint alerts provide additional host-level context for investigations and automated response actions.

Key features include:

  • Self-learning threat detection: Use behavioral analysis and machine learning to identify unusual activity and emerging threats across enterprise environments.
  • Endpoint and network visibility integration: Combine CrowdStrike endpoint alerts with telemetry from networks, cloud platforms, collaboration tools, IoT, and email systems.
  • Autonomous response capabilities: Trigger automated response actions to contain or disrupt malicious activity across connected systems and environments.
  • AI-driven incident investigations: Automatically triage, interpret, and report on security incidents using AI-based analysis workflows.
  • Cross-environment threat correlation: Correlate endpoint detections with broader organizational activity patterns to improve threat visibility and context.


Source: Darktrace

6. WitnessAI

WitnessAI provides security and governance controls for enterprise AI and large language model usage. The platform is intended to help organizations adopt AI technologies while applying governance guardrails, security policies, and oversight mechanisms for LLM interactions and AI-driven workflows.

Key features include:

  • LLM security guardrails: Apply security controls and governance policies to large language model usage and AI interactions.
  • AI governance capabilities: Support organizational oversight and policy enforcement for enterprise AI adoption.
  • Safe AI usage controls: Help manage risks associated with AI systems and generative AI workflows.
  • Enterprise AI integration support: Integrate AI governance capabilities into existing enterprise security environments.
  • Centralized AI oversight: Provide centralized management for AI-related security and governance processes.


Source: WitnessAI

Cloud Security

7. AWS Security Hub

AWS Security Hub integrates with CrowdStrike Falcon to centralize CrowdStrike detections inside AWS security operations workflows. The integration imports Falcon findings into AWS Security Hub, where teams can review, prioritize, and act on detections using existing AWS automation and response processes.

Key features include:

  • Aggregated security findings: Import CrowdStrike Falcon detections into AWS Security Hub to consolidate security findings across AWS accounts.
  • Enriched detection context: Centralize Falcon alerts with related AWS security data to support prioritization and investigation.
  • Automated response workflows: Use AWS Security Hub automations to respond to CrowdStrike detections.
  • Simplified AWS deployment: Deploy the Falcon Integration Gateway using CloudFormation templates as a container or EC2 instance.
  • Native ASFF formatting: Transform Falcon detections into AWS Security Finding Format for use inside AWS Security Hub.

Source: Amazon

8. Nutanix Cloud Platform

Nutanix Cloud Platform integrates with CrowdStrike Falcon to extend workload protection across Nutanix AHV environments, virtual machines, and VDI workloads. The integration uses the Falcon sensor to provide endpoint and workload security while supporting Nutanix infrastructure operations.

Key features include:

  • Simplified deployment and management: Use the Falcon agent to protect Nutanix AHV server workloads and VDI environments.
  • Cloud workload protection: Extend CrowdStrike workload protection to applications and virtualized infrastructure running on Nutanix.
  • Performance-aware security: Protect workloads without adding unnecessary operational or performance overhead.
  • Development lifecycle protection: Apply security controls across workloads used during application development and operation.
  • Reduced operational overhead: Support faster security rollout across Nutanix multi-cloud environments.

Source: Nutanix

9. Obsidian Security

Obsidian Security integrates with CrowdStrike to extend detection and response across SaaS environments. The platform provides visibility across applications, users, and data, helping teams investigate breaches, identify insider threats, and strengthen SaaS and cloud security using an identity-centric approach.

Key features include:

  • SaaS threat detection: Extend detection coverage across SaaS applications and cloud services.
  • User and data visibility: Provide visibility into users, applications, and sensitive data across SaaS environments.
  • Breach investigation support: Help security teams investigate suspected SaaS breaches and related activity.
  • Insider threat detection: Identify risky or suspicious behavior across SaaS and cloud services.
  • Identity-centric protection: Use identity context to help detect and stop attacks across SaaS environments.


Source: Obsidian Security

Identity Security

10. Okta Identity-Centric Zero Trust Integration

Okta Identity-Centric Zero Trust integrates Okta identity data with CrowdStrike device and endpoint context. The integration helps organizations make access decisions using both user login context and device security posture, supporting secure remote access and automated policy enforcement.

Key features include:

  • User and device context: Combine Okta identity data with CrowdStrike endpoint posture signals.
  • Context-aware access decisions: Use device and identity insights to inform access policies for cloud and on-premises resources.
  • Automated access responses: Automate access decisions based on real-time user and endpoint risk context.
  • Remote workforce support: Support secure access for distributed teams without relying only on static authentication checks.
  • Zero trust policy enforcement: Apply access controls based on identity, device status, and security posture.

11. CyberArk

CyberArk integrates with CrowdStrike to support identity security and privileged access management across human and machine identities. Its CrowdStrike marketplace integrations focus on protecting privileged accounts and credentials, including discovery, management, and remediation workflows through CyberArk Privileged Access Manager.

Key features include:

  • Privileged access management: Control and secure privileged accounts used across business applications, hybrid cloud workloads, and DevOps environments.
  • Credential protection: Help prevent misuse of privileged credentials and high-risk accounts.
  • Human and machine identity coverage: Apply identity security controls across workforce users, service accounts, and machine identities.
  • Privileged account discovery: Identify privileged accounts and credentials that require management or remediation.
  • Falcon LogScale integration: Support privileged account discovery, management, and remediation workflows through CyberArk Privileged Access Manager for Falcon LogScale.


Source: CyberArk

12. Beyond Identity Zero Trust Authentication

Beyond Identity Zero Trust Authentication integrates with CrowdStrike Falcon to combine identity assurance with device trust. The integration validates Falcon agent presence, uses CrowdStrike Zero Trust Assessment scores, and continuously checks device posture during sessions to enforce risk-based access policies.

Key features include:

  • Device trust validation: Confirm that authenticating devices are compliant, low risk, and running the Falcon agent.
  • Continuous authentication: Reassess identity and device trust during active sessions.
  • Device quarantine controls: Quarantine devices that fall out of compliance with authorization policies.
  • Passwordless authentication: Replace passwords with phishing-resistant authentication to reduce credential theft risk.
  • Zero trust access enforcement: Apply access controls based on identity validation, device posture, and risk telemetry.

Source: Beyond Identity

Next-Gen SIEM and SOAR

13. Zscaler SOAR Actions

Zscaler SOAR Actions integrates Zscaler Internet Access with CrowdStrike Falcon Fusion SOAR workflows. The integration automates secure web access controls, including policy enforcement, URL and IP blocklist updates, and user access management.

Key features include:

  • Automated policy enforcement: Update URL and IP blocklists through automated workflows.
  • User access management: Manage user group access dynamically to align with web usage policies.
  • Internet-borne threat mitigation: Block malicious web content in real time to reduce exposure.
  • SOAR workflow integration: Use Falcon Fusion SOAR workflows to automate security responses.
  • Web security automation: Streamline secure web access operations and policy compliance.

Source: Zscaler

14. Securonix Next-Gen SIEM

Securonix Next-Gen SIEM integrates with CrowdStrike Falcon to bring endpoint intelligence into SIEM analytics and investigations. The integration uses the Falcon API to gather real-time endpoint intelligence, enrich behavioral analysis, and support detection of malware, ransomware, and other advanced threats.

Key features include:

  • Endpoint visibility: Use CrowdStrike Falcon telemetry to add endpoint context to SIEM investigations.
  • Advanced threat detection: Apply machine learning and behavioral analytics to detect known and unknown threats.
  • Behavioral analytics enrichment: Use user behavior information to improve detection and investigation context.
  • Managed SIEM operations: Provide SIEM capabilities through a managed cloud-native environment.
  • Lower infrastructure overhead: Reduce the need to host, configure, and maintain traditional SIEM infrastructure.


Source: Securonix

15. Sumo Logic Cloud SIEM

Sumo Logic Cloud SIEM integrates CrowdStrike threat intelligence and endpoint telemetry into Sumo Logic’s cloud-native analytics platform. The integration correlates and enriches alerts to support SOC triage, investigation, and threat hunting across multiple data sources.

Key features include:

  • Threat intelligence integration: Use CrowdStrike threat intelligence within Sumo Logic analytics and SIEM workflows.
  • Security event correlation: Correlate alerts across data sources to identify higher-priority incidents.
  • Endpoint telemetry analysis: Use CrowdStrike endpoint data for investigation and threat hunting.
  • Real-time dashboards and alerts: Provide dashboards, searchable queries, and alerting for emerging threats.
  • Broader security visibility: Analyze vulnerabilities, authentication activity, AV scans, DNS requests, and document access across the environment.

Source: Sumo Logic

Best Practices for Buying Through the CrowdStrike Marketplace

1. Map Every Listing to a Documented Falcon Use Case Before Trialing

Before trialing any listing from the CrowdStrike Marketplace, map the solution to a documented Falcon use case. This ensures each app or integration serves a defined security objective, such as improving threat detection, automating response, or closing compliance gaps. Linking solutions to use cases also helps measure effectiveness and return on investment during and after evaluation.

This process prevents tool sprawl and avoids unnecessary purchases that do not align with organizational needs. By focusing on solutions that enhance existing Falcon capabilities, security teams can get more value from investments and simplify deployment and management. Documenting use cases also supports stakeholder alignment across IT and security functions.

2. Prioritize Apps That Share Telemetry With the Single Falcon Agent

Prioritize Marketplace apps that use telemetry collected by the Falcon agent. This allows teams to extend detection, investigation, and response workflows without adding more endpoint agents or creating parallel data pipelines. A single-agent model reduces endpoint overhead and keeps security data tied to the same device, user, process, and threat context.

This makes operations easier. Analysts can work from a consistent source of endpoint data instead of reconciling alerts from disconnected tools. When apps enrich or act on Falcon telemetry directly, they are more likely to improve workflows instead of adding another console.

3. Integrate Allowlisting with Endpoint Detection and Response (EDR) to Close the Prevention Gap

Use allowlisting tools from the CrowdStrike Marketplace together with Falcon EDR capabilities instead of treating them as separate controls. Allowlisting helps prevent unauthorized applications and scripts from running, while EDR detects suspicious behavior that bypasses prevention policies or originates from approved software. Combining both approaches reduces the gap between blocking known unwanted activity and identifying unknown threats.

This integration also improves operational visibility. Security teams can use Falcon telemetry to validate allowlisting decisions, investigate blocked activity, and identify applications that should be approved or removed. When prevention and detection share the same endpoint context, teams can tune policies faster and reduce false positives without weakening security controls.

Organizations with strict compliance or operational requirements can also use this model to support Zero Trust and application control strategies. Allowlisting limits execution paths, while EDR provides monitoring and response when exceptions occur. Together, they create a layered defense model that is easier to manage than isolated prevention tools.

4. Apply CrowdCredits Against Contracts You Would Renew Anyway

Use CrowdCredits for Marketplace purchases that align with planned renewals or known security priorities. This avoids spending credits on tools that appear useful in a trial but do not map to a long-term requirement. The best candidates support an existing Falcon use case, replace a current tool, or expand a capability the team already uses.

This also simplifies budgeting. Security teams can treat Marketplace purchases as part of their platform strategy instead of creating separate procurement paths for each integration. Applying credits to contracts the organization would likely renew improves spend efficiency and reduces wasted licensing.

Conclusion

The CrowdStrike Marketplace transforms security operations by centralizing access to best-of-breed, integrated solutions that extend the Falcon platform's capabilities. This model simplifies procurement, reduces vendor sprawl, and ensures new investments bolster a unified security architecture. By following strategic buying practices, organizations can maximize the value of their investments and maintain an efficient, strong defense posture.

Check out Airlock Digital: Precision Application Control on the Crowdstrike Marketplace