CrowdStrike Falcon – Devices from Falcon Discover
About
CrowdStrike Falcon provides device protection through its real-time threat detection, behavioral analytics, and machine learning capabilities, which work together to identify and respond to security threats effectively. Its endpoint detection and response (EDR) features allow organizations to swiftly investigate and mitigate threats, bolstering the security of their devices against potential cyberattacks.
Why You Should Integrate
Integrating with CrowdStrike provides visibility into devices with the agent installed, so you can identify your endpoint coverage and state.
How Does the Integration Work
This integration pulls device objects and associated information from CrowdStrike using the CrowdStrike REST APIs.
This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.
If you haven't already, please review our instructions for configuring the integration before proceeding with the instructions below.
Configuration Options
Collect Devices from CrowdStrike Discover Service
| Field | Description | Example |
|---|---|---|
| Minimum Discoverer Count | Excludes assets with a Discoverer Count that is less than the value set. | 3 |
External Documentation
Creating Credentials
See platform documentation for details on CrowdStrike Falcon – Creating Credentials.
Required Permissions
To ensure the API key created for Sevco to use has the appropriate permissions, follow the instructions in Getting Access to the CrowdStrike API.
Set the following Scope permissions:
- Hosts - Read
- Host Groups - Read
- Assets - Read
Contact Us
If you're having problems configuring an integration, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting the Suggest Edits link located in the upper right-hand corner of the documentation.