sevco.io

Crowdstrike Falcon – Devices

About

CrowdStrike Falcon provides device protection through its real-time threat detection, behavioral analytics, and machine learning capabilities, which work together to identify and respond to security threats effectively. Its endpoint detection and response (EDR) features allow organizations to swiftly investigate and mitigate threats, bolstering the security of their devices against potential cyberattacks.

Why You Should Integrate

Integrating with Crowdstrike will provide visibility into devices with the agent installed to identify your endpoint coverage and state.

How Does the Integration Work

This integration pulls device objects and associated information from Crowdstrike using the Crowdstrike REST APIs.

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.

⚠️

If you haven't already, please review our instructions for configuring the integration before proceeding with the instructions below.

Configuration Options

Collection Settings

FieldDescriptionExample
Collect Historical Network AddressesChecking this box will tell the integration to pull a history of MAC Addresses observed by your Crowdstrike agent and use those MAC Addresses for your devices. Doing so will help prevent the issue of Crowdstrike MAC Addresses changing, while other Sources do not report the most recent MAC Address reported by Crowdstrike.n/a

External Documentation

Creating Credentials

See platform documentation for details on Crowdstrike Falcon – Creating Credentials

Required Permissions

To ensure the API key created for Sevco to use has the appropriate permissions, follow the instructions in Getting Access to the CrowdStrike API.

Set the following Scope permissions:

  • Hosts - Read
  • Host Groups - Read

Contact Us

If you're having problems configuring an Integration, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting the Suggest Edits link located in the upper right hand corner of the documentation.