Crowdstrike Falcon
Overview
CrowdStrike Falcon is a cloud-native endpoint security platform known for its advanced threat detection using artificial intelligence and behavioral analytics, providing proactive threat prevention. It offers endpoint detection and response (EDR) capabilities and centralized management for effective incident response and improved security.
Available Integrations
| Product(s) | Supported Asset Type(s) | Integration Type |
|---|---|---|
| Falcon | Devices | Source |
| Falcon Discover | Devices | Source |
Please review the configuration instructions in the section below before setting up permissions for apps.
Configuration
- Configure plugin: Configure the plugin with the required fields.
| Field | Description | Example |
|---|---|---|
URL* | The URL/domain of the CrowdStrike API Server | https://api.crowdstrike.com |
Access Key* | API Access key from the CrowdStrike admin panel | ABCDEF0123456789 |
Secret Key* | The API secret used to authenticate with the source | *********************** |
- Add an Integration: Select the integration(s) you'd like to add.
- Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.
| Field | Description | Example |
|---|---|---|
Name (optional) | Uniquely identifiable attribute of the configuration to delineate other similar configurations with the existing organization. | 'DMZ network' |
Contact Person (optional) | A placeholder to input a name or email address of a contact associated with the integration. | 'Jane Doe' |
Link to Console (optional) | A placeholder to input a link to the console of the product Sevco is integrating with for quick reference and access when configuring or editing the integration. | 'www.product.com/devices' |
Email me about frequent errors | Select this toggle to receive an email whenever an Integration has a ≥30% error rate in a 24-hour period. | n/a |
- Activate Config: To enable this configuration select "Activate".
External Documentation
Creating credentials
To generate an API access and secret key for Sevco to use, follow the instructions in Getting Access to the CrowdStrike API
Required Permissions
To ensure the API key created for Sevco to use has the appropriate permissions, follow the instructions in Getting Access to the CrowdStrike API.
Set the following Scope permissions:
- Hosts - Read
- Host Groups - Read
API Documentation
https://developer.crowdstrike.com/crowdstrike
Contact Us
If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].
Tags: cloud, endpoint security
Updated 7 months ago