sevco.io

Crowdstrike Falcon – Devices from Falcon Discover

About

CrowdStrike Falcon provides device protection through its real-time threat detection, behavioral analytics, and machine learning capabilities, which work together to identify and respond to security threats effectively. Its endpoint detection and response (EDR) features allow organizations to swiftly investigate and mitigate threats, bolstering the security of their devices against potential cyberattacks.

Why You Should Integrate

Integrating with CrowdStrike provides visibility into devices that have the agent installed, so you can identify your endpoint coverage and state.

How Does the Integration Work

This integration pulls device objects and associated information from CrowdStrike using the CrowdStrike REST APIs.

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.

⚠️ If you haven't already, please review our instructions for configuring the integration before proceeding with the instructions below.

Configuration Options

Collect Devices from Crowdstrike Discover Service

| Field | Description | Example |
|---|---|---|
| Minimum Discoverer Count | Excludes assets with a Discover Count that is less than the value set. | 3 |

External Documentation

Creating Credentials

See platform documentation for details on Crowdstrike Falcon – Creating Credentials

Required Permissions

To ensure the API key created for Sevco to use has the appropriate permissions, follow the instructions in Getting Access to the CrowdStrike API.

Set the following Scope permissions:

  • Hosts - Read
  • Host Groups - Read
  • Assets - Read

Contact Us

If you're having problems configuring an integration, or if you've found something wrong in this document, please email us at [email protected] or suggest edits directly by selecting the Suggest Edits link located in the upper right-hand corner of the documentation.