The OpenRouter Toolkit sample Foundry app is a community-driven, open source project which serves as an example of an app which can be built using CrowdStrike's Foundry ecosystem. foundry-sample-openrouter-toolkit is an open source project, not a CrowdStrike product. As such, it carries no formal support, expressed or implied.
This app is one of several App Templates included in Foundry that you can use to jumpstart your development. It comes complete with a set of preconfigured capabilities aligned to its business purpose. Deploy this app from the Templates page with a single click in the Foundry UI, or create an app from this template using the CLI.
Important
To view documentation and deploy this sample app, you need access to the Falcon console.
The OpenRouter Toolkit brings the power of various AI models directly into your CrowdStrike workflow, allowing security professionals to leverage advanced language models for threat analysis, indicator investigation, and general security research without leaving the platform.
- The Foundry CLI (instructions below).
- Python 3.13+ (needed if modifying the app's functions). See Python For Beginners for installation instructions.
- Node 22+ (needed if modifying the app's UI). See https://nodejs.org for installation instructions.
You can install the Foundry CLI with Scoop on Windows or Homebrew on Linux/macOS.
Windows:
Install Scoop. Then, add the Foundry CLI bucket and install the Foundry CLI.
scoop bucket add foundry https://github.com/crowdstrike/scoop-foundry-cli.git
scoop install foundryOr, you can download the latest Windows zip file, expand it, and add the install directory to your PATH environment variable.
Linux and macOS:
Install Homebrew. Then, add the Foundry CLI repository to the list of formulae that Homebrew uses and install the CLI:
brew tap crowdstrike/foundry-cli
brew install crowdstrike/foundry-cli/foundryRun foundry version to verify it's installed correctly.
Clone this sample to your local system, or download as a zip file and import it into Foundry.
git clone https://github.com/CrowdStrike/foundry-sample-openrouter-toolkit
cd foundry-sample-openrouter-toolkitLog in to Foundry:
foundry loginSelect the following permissions:
- Create and run RTR scripts
- Create, execute and test workflow templates
- Create, run and view API integrations
- Create, edit, delete, and list queries
Deploy the app:
foundry apps deployTip
If you get an error that the name already exists, change the name to something unique to your CID in manifest.yml.
Once the deployment has finished, you can release the app:
foundry apps releaseNext, go to Foundry > App catalog, find your app, and install it. Go to Next-Gen SIEM > Incidents, then click on an incident and See full incident. Once you click on a node in the workbench, you'll be able to see the UI extension from this app.
A CrowdStrike Foundry extension that provides seamless integration with OpenRouter's API, enabling access to multiple Large Language Model providers through a unified interface within the CrowdStrike security platform.
Key Benefits:
- Multi-Model Access: Choose from OpenAI, Anthropic, Meta, Google, and other leading AI providers
- Foundry Integration: Embedded directly in the CrowdStrike NGSIEM workbench
- Context Awareness: Automatically incorporates incident data for enhanced analysis
- Flexible Configuration: Customizable model selection, temperature, and provider preferences
See this sample's App docs README for more information.
This project includes end-to-end tests using Playwright to verify the extension installs and renders correctly in the Foundry platform.
cd e2e
npm ci
npx playwright install chromium
cp .env.sample .env
# Edit .env with your Falcon credentials
npm testSee the E2E README for detailed testing instructions, test scenarios, and troubleshooting.
E2E tests run automatically in GitHub Actions on pushes and pull requests to verify:
- Extension installation and discovery
- UI rendering in the NGSIEM workbench socket
- Form interactions and error handling
