Login
    Contents x
    CrowdStrike
    • 22 Sep 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    CrowdStrike

    • Updated on 22 Sep 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Crowdstrike

    CrowdStrike’s security platform aims to stop breaches by offering advanced threat intelligence and real-time protection. CrowdStrike's solutions include endpoint protection, threat intelligence, and incident response services, all delivered through their cloud-based Falcon platform.

    Integration

    This integration is related to security findings. DataBee connects to CrowdStrike APIs to get data related to alerts, detections and incidents.

    Integration Method: API

    Tables: Device Config State, Detection Finding, Incident Finding, Process Activity, Authentication, DHCP Activity

    Event Types: Events, Detections, Alerts

    This integration has been tested against CrowdStrike API V1.

    Crowdstrike Configuration

    Before you start configuring data source on Databee UI, you will need to create the API Client and get the necessary information for API authentication such as Client ID and Client Secret.

    To create API Client:

    1. Log in to CrowdStrike Platform.

    2. Navigate to the top-left navigation menu > Support and Resources > API Clients and Keys.

    A screenshot of a computer  Description automatically generated

    1. Click on Create API client button.

    A screenshot of a computer  Description automatically generated

    1. Enter Client Name to identify API client.

    2. Provide a description that describes the purpose for the API client, if desired.

    3. Select scope Alerts, Detection, and Incidents to fetch the required data.

    4. Click on the create button.

    A screenshot of a computer  Description automatically generated

    1. Copy the Base URL, Client ID, and Client Secret.

    2. Click Done.

    Note: You will not be able to view this again after you complete this step. Ensure that you copy it before closing.

    A screenshot of a computer  Description automatically generated

    DataBee Configuration

    1. To configure the Data Source, login into the DataBee UI, navigate to the Data tab, and click on Add New Data Source.

    A screenshot of a computer  Description automatically generated

    1. Search and click on the Crowdstrike

    A screenshot of a computer  Description automatically generated

    1. Click on the API Ingest option for collection method.  A screenshot of a computer  Description automatically generated

    2. Enter basic data source information and click Next

    A screenshot of a contact form  Description automatically generated

    1. In the next dialog, enter the following:

    • Authorization Method: OAuth2

    • Key ID: Enter the Client Key ID saved from the previous step

    • Secret Key: Enter the Client Secret saved from the previous step

    A screenshot of a computer  Description automatically generated

    If the URLs are not filled, use the following:

    API URL: https://api.<region>.crowdstrike.com/alerts/queries/alerts/v2

    API URL: https://api.<region>.crowdstrike.com/detects/queries/detects/v1

    API URL: https://api.<region>.crowdstrike.com/incidents/queries/incidents/v1

    Token URL: https://api.<region>.crowdstrike.com/oauth2/token

    Replace the <region> with your tenant specific information.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence