sevco.io

Crowdstrike Falcon

Overview

CrowdStrike Falcon is a cloud-native endpoint security platform known for its advanced threat detection using artificial intelligence and behavioral analytics, providing proactive threat prevention. It offers endpoint detection and response (EDR) capabilities and centralized management for effective incident response and improved security.

Available Integrations

Product(s)Supported Asset Type(s)Integration Type
FalconDevicesSource
Falcon DiscoverDevicesSource

⚠️

Please review the configuration instructions in the section below before setting up permissions for apps.

Configuration

  1. Configure plugin: Configure the plugin with the required fields.
FieldDescriptionExample
URL*The URL/domain of the CrowdStrike API Serverhttps://api.crowdstrike.com
Access Key*API Access key from the CrowdStrike admin panelABCDEF0123456789
Secret Key*The API secret used to authenticate with the source***********************
  1. Add an Integration: Select the integration(s) you'd like to add.
  1. Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.
FieldDescriptionExample
Name (optional)Uniquely identifiable attribute of the configuration to delineate other similar configurations with the existing organization.'DMZ network'
Contact Person (optional)A placeholder to input a name or email address of a contact associated with the integration.'Jane Doe'
Link to Console (optional)A placeholder to input a link to the console of the product Sevco is integrating with for quick reference and access when configuring or editing the integration.'www.product.com/devices'
Email me about frequent errorsSelect this toggle to receive an email whenever an Integration has a ≥30% error rate in a 24-hour period.n/a
  1. Activate Config: To enable this configuration select "Activate".

External Documentation

Creating credentials

To generate an API access and secret key for Sevco to use, follow the instructions in Getting Access to the CrowdStrike API

Required Permissions

To ensure the API key created for Sevco to use has the appropriate permissions, follow the instructions in Getting Access to the CrowdStrike API.

Set the following Scope permissions:

  • Hosts - Read
  • Host Groups - Read

API Documentation

https://developer.crowdstrike.com/crowdstrike

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].

Tags: cloud, endpoint security