CrowdStrike Falcon is a cloud-native endpoint security platform known for its advanced threat detection using artificial intelligence and behavioral analytics, providing proactive threat prevention. It offers endpoint detection and response (EDR) capabilities and centralized management for effective incident response and improved security.
Please review the configuration instructions in the section below before setting up permissions for apps.
- Configure plugin: Configure the plugin with the required fields.
|The URL/domain of the CrowdStrike API Server|
|API Access key from the CrowdStrike admin panel|
|The API secret used to authenticate with the source|
- Add an Integration: Select the integration(s) you'd like to add.
- Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.
|Uniquely identifiable attribute of the configuration, used to distinguish it from other similar configurations within the existing organization.||'DMZ network'|
|A placeholder to input a name or email address of a contact associated with the integration.||'Jane Doe'|
|A placeholder to input a link to the console of the product Sevco is integrating with for quick reference and access when configuring or editing the integration.||'www.product.com/devices'|
|Select this toggle to receive an email whenever an Integration has a ≥30% error rate in a 24-hour period.||n/a|
- Activate Config: To enable this configuration select "Activate".
To generate an API access and secret key for Sevco to use, follow the instructions in Getting Access to the CrowdStrike API.
To ensure the API key created for Sevco to use has the appropriate permissions, follow the instructions in Getting Access to the CrowdStrike API.
Set the following Scope permissions:
- Hosts - Read
- Host Groups - Read
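
Before entering the key in the plugin, the two scopes above can be confirmed with read-only calls against the CrowdStrike API. The script below is an added example, not Sevco or CrowdStrike code; the environment variable names are hypothetical, and it assumes the API answers HTTP 403 when a scope has not been granted to the client.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# One read-only probe per scope the page asks for (limit=1 keeps the reply small).
PROBES = {
    "Hosts - Read": "/devices/queries/devices/v1?limit=1",
    "Host Groups - Read": "/devices/queries/host-groups/v1?limit=1",
}

def get_token(base_url, client_id, client_secret, opener=urllib.request.urlopen):
    """Exchange the API access key and secret for an OAuth2 bearer token."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/oauth2/token", data=body, method="POST")
    with opener(req, timeout=15) as resp:
        return json.load(resp)["access_token"]

def check_scopes(base_url, token, opener=urllib.request.urlopen):
    """Return {scope: 'granted' | 'missing' | 'HTTP <code>'} for each probe."""
    results = {}
    for scope, path in PROBES.items():
        req = urllib.request.Request(
            base_url.rstrip("/") + path,
            headers={"Authorization": f"Bearer {token}"})
        try:
            with opener(req, timeout=15) as resp:
                results[scope] = "granted" if resp.status == 200 else f"HTTP {resp.status}"
        except urllib.error.HTTPError as err:
            # Assumption: 403 means the client lacks this scope.
            results[scope] = "missing" if err.code == 403 else f"HTTP {err.code}"
    return results

if __name__ == "__main__":
    import os
    # Hypothetical variable names; the base URL is the value entered in the plugin.
    base = os.environ["FALCON_BASE_URL"]
    tok = get_token(base, os.environ["FALCON_CLIENT_ID"],
                    os.environ["FALCON_CLIENT_SECRET"])
    for scope, state in check_scopes(base, tok).items():
        print(f"{scope}: {state}")
```

The script only confirms that the required scopes are present; whether the key carries additional scopes beyond these two still has to be reviewed where the key was created.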
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].