Privilege      CrowdStrike Exposure Management helps organizations identify and reduce their attack surface by providing real-time visibility into vulnerabilities and risks across environments. Refer to official document of CrowdStrike Exposure Management.

Integration Method: API
Tables: Vulnerability Finding (2002), Device Inventory Info (5001)

This integration supports the following events.

This integration supports the following versions.

Prerequisites

• The user should ensure that scopes are properly assigned to the API token for successful data retrieval.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate client credentials with the required scopes.

2. Add the CrowdStrike Exposure Management data feed in the DataBee console with the below parameters.

   DataBee Parameter	CrowdStrike  Exposure Management Parameter
   Client Id	Client Id
   Client Secret	Secret
   API Base URL	Base URL

CrowdStrike Exposure Management Configuration

Start by creating the API Client and get the necessary information for API authentication such as Client ID and Client Secret.

1. Log on to CrowdStrike Platform.

2. Navigate to the top-left Navigation Menu > Support and resources > API clients and keys.
    

3. Click on the Create API client button.
    

4. Enter Client name to identify API clients. Also add Description that describes the purpose of the API client, if desired.
    

5. The following scope needs to be added for the endpoint to function properly:

   Event	Permission
   Vulnerabilities	Vulnerabilities: Read
   Assets	Assets: Read

6. Select Assets-Read scope to collect alert logs.
    

7. Select Vulnerabilities-Read scope to collect detection logs.
    

8. Click on the Create button.
    

9. Copy the Base URL, Client ID, and Client Secret for later use, then click Done.
   

   Note:

   You will not be able to view this again after you complete this step. Ensure that you copy it before closing the notification.

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for CrowdStrike Exposure Management and click it as shown below.
    

3. Click on the API Ingest option for the collection method.
    

4. Enter feed contact information.
    

5. In the next dialog, enter the following:

   • Authorization Method: OAuth2

   • API Base URL: Paste the Base URL

   • Client Key: Paste the Client ID

   • Client Secret: Paste the Secret

   • Token URL: Replace the <region> with your tenant specific information obtained from the Base URL.

   • Event Types: Preselected for all the event types that integration pulls.
      

6. Click on the Test Connection button once details are added.

   

7. Click on the Submit button once Test Connection is successful.

   

Troubleshooting Tips

• If you’re facing invalid_client or unauthorized_client issues, this might be possibly due to incorrect credentials. Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

• If you are facing 403 response code, this might be possibly due to missing permissions. Check that CrowdStrike API credentials have the necessary scope. If needed, update the API credentials scope using the CrowdStrike platform, save the changes, and retry the integration.