CrowdStrike
  • 22 Sep 2024
CrowdStrike

CrowdStrike’s security platform aims to stop breaches by offering advanced threat intelligence and real-time protection. CrowdStrike's solutions include endpoint protection, threat intelligence, and incident response services, all delivered through their cloud-based Falcon platform.

Integration

This integration covers security findings. DataBee connects to the CrowdStrike APIs to collect data on alerts, detections and incidents.

Integration Method: API

Tables: Device Config State, Detection Finding, Incident Finding, Process Activity, Authentication, DHCP Activity

Event Types: Events, Detections, Alerts

This integration has been tested against CrowdStrike API V1.

CrowdStrike Configuration

Before you start configuring the data source in the DataBee UI, you need to create an API client in CrowdStrike and obtain the information required for API authentication, namely the Client ID and Client Secret.

To create the API client:

  1. Log in to the CrowdStrike platform.

  2. Navigate to the top-left navigation menu > Support and Resources > API Clients and Keys.

  3. Click the Create API client button.

  4. Enter a Client Name to identify the API client.

  5. Optionally, provide a description of the purpose of the API client.

  6. Select the Alerts, Detection, and Incidents scopes to fetch the required data. Read access is all the collector needs; do not grant write access.

  7. Click the Create button.

  8. Copy the Base URL, Client ID, and Client Secret.

  9. Click Done.

Note: You will not be able to view the Client Secret again after you complete this step. Ensure that you copy it before closing the dialog.

DataBee Configuration

  1. To configure the data source, log in to the DataBee UI, navigate to the Data tab, and click on Add New Data Source.

  2. Search for CrowdStrike and click on it.

  3. Click on the API Ingest option for the collection method.

  4. Enter the basic data source information and click Next.

  5. In the next dialog, enter the following:

  • Authorization Method: OAuth2

  • Key ID: Enter the Client ID saved from the previous step

  • Secret Key: Enter the Client Secret saved from the previous step

If the URL fields are not pre-filled, use the following:

  • API URL: https://api.<region>.crowdstrike.com/alerts/queries/alerts/v2

  • API URL: https://api.<region>.crowdstrike.com/detects/queries/detects/v1

  • API URL: https://api.<region>.crowdstrike.com/incidents/queries/incidents/v1

  • Token URL: https://api.<region>.crowdstrike.com/oauth2/token

Replace <region> with your tenant-specific value (the host part of the Base URL copied from the API client dialog).
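The OAuth2 client-credentials exchange against the token URL and a paged walk of the three query endpoints above, as an added example that is not DataBee's or CrowdStrike's own code. It assumes the usual Falcon query response shape (a `resources` list plus `meta.pagination.total`), that the token endpoint answers 200 or 201 with `access_token`/`expires_in`, and that `region` is the tenant-specific value the page tells you to substitute; the HTTP transport is injectable so the logic can be exercised without network access.

```python
import json
import time
import urllib.parse
import urllib.request
# Token path and the three query endpoints from the DataBee settings above.
TOKEN_PATH = "/oauth2/token"
QUERY_PATHS = {"alerts": "/alerts/queries/alerts/v2",
               "detects": "/detects/queries/detects/v1",
               "incidents": "/incidents/queries/incidents/v1"}

def urllib_transport(method, url, body, headers):  # returns (status, parsed JSON)
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, json.loads(resp.read().decode())

class FalconClient:
    def __init__(self, region, client_id, client_secret, transport=urllib_transport):
        self.base = f"https://api.{region}.crowdstrike.com"  # <region> as on the page
        self._id, self._secret, self._send = client_id, client_secret, transport
        self._token, self._expires_at = None, 0.0

    def token(self):
        """OAuth2 client-credentials grant; the token is reused until ~60 s before expiry."""
        if self._token and time.time() < self._expires_at - 60:
            return self._token
        form = urllib.parse.urlencode({"client_id": self._id, "client_secret": self._secret})
        status, data = self._send("POST", self.base + TOKEN_PATH, form.encode(),
                                  {"Content-Type": "application/x-www-form-urlencoded"})
        if status not in (200, 201) or "access_token" not in data:
            raise RuntimeError(f"token request failed: HTTP {status}")  # secret never logged
        self._token = data["access_token"]
        self._expires_at = time.time() + int(data.get("expires_in", 1799))  # assumed default
        return self._token

    def query_ids(self, kind, page_size=100):
        """Walk one query endpoint with offset/limit and collect every resource ID."""
        ids, offset = [], 0
        while True:
            params = urllib.parse.urlencode({"offset": offset, "limit": page_size})
            status, data = self._send("GET", f"{self.base}{QUERY_PATHS[kind]}?{params}",
                                      None, {"Authorization": "Bearer " + self.token()})
            if status != 200:
                raise RuntimeError(f"{kind} query failed: HTTP {status}")
            page = data.get("resources", [])
            ids.extend(page)
            total = data.get("meta", {}).get("pagination", {}).get("total", len(ids))
            offset += len(page)
            if not page or offset >= total:
                return ids
```

Keep the Client Secret in a secrets store or environment variable rather than in the script; the client only ever sends it to the token endpoint and never includes it in error messages.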
