CrowdStrike
  • 20 Mar 2025

CrowdStrike’s security platform aims to stop breaches by offering advanced threat intelligence and real-time protection. CrowdStrike's solutions include endpoint protection, threat intelligence, and incident response services, all delivered through their cloud-based Falcon platform.

Integration Method: API
Tables: Detection Finding (2004), Incident Finding (2005), Device Inventory Info (5001)

This integration supports the following events.

Event        Description
Incidents    Get detailed information about all incidents.
Detections   Get detailed information about all detections.
Alerts       Get detailed information about all alerts.
Device       Get detailed information about all devices.

This integration supports the following versions.

CrowdStrike Sensor version   7.15.18513.0 and 7.17.18604.0
CrowdStrike API version      v1.0

Prerequisites

  • The user should ensure scopes are properly assigned to the API token for successful data retrieval.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Generate client credentials with the required scopes.

  2. Add the CrowdStrike data feed in the DataBee console with the following parameters.

DataBee Parameter   CrowdStrike Parameter
Client Id           Client Id
Client Secret       Secret
API Base URL        Base URL

CrowdStrike Configuration

Start by creating the API client and collecting the information needed for API authentication, such as the Client ID and Client Secret.

  1. Log on to CrowdStrike Platform.

  2. Navigate to the top-left Navigation menu > Support and resources > API clients and keys.
     

  3. Click on the Create API client button.
     

  4. Enter a ‘Client Name’ to identify the API client. If desired, also add a ‘Description’ that describes the purpose of the API client.
     

  5. The following scopes need to be added for the endpoints to function properly:

    Event       Permission
    Alerts      Alerts.Read
    Detects     Detections.Read
    Incidents   Incidents.Read
    Devices     Hosts.Read

  6. Select Host-Read scope to collect the device logs.
     

  7. Select Alerts-Read scope to collect alert logs.

  8. Select Detection-Read scope to collect detection logs.
     

  9. Select Incidents-Read scope to collect incident logs.
     

  10. Click on the Create button.
     

  11. Copy the Base URL, Client ID, and Secret for later use, then click Done.
     

Note:

You will not be able to view this again after you complete this step. Ensure that you copy it before closing the notification.

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds, and click the Add New Data Feed button.
     

  2. Search for CrowdStrike and click it.
     

  3. Click on the API Ingest option for the collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the next dialog, enter the following:

    • Authorization Method: OAuth2

    • API Base URL: paste the Base URL.

    • Client Key: paste the Client ID.

    • Client Secret: paste the Secret.

    • Token URL: replace <region> with your tenant-specific information obtained from the Base URL.

    • Event Types: preselected for all the event types that the integration pulls.

  6. Click Submit.
     

Troubleshooting Tips

  • If you see invalid_client or unauthorized_client errors, this may be due to incorrect credentials. Ensure the token is pasted correctly. Because you cannot view the token after the first time, re-create the token, paste it into a text editor to confirm that no spaces or unexpected characters are included, and reconfigure the DataBee feed.

  • If you receive a 403 response code, this may be due to missing permissions. Check that the CrowdStrike API credentials have the necessary scopes. If needed, update the API credentials' scopes in the CrowdStrike platform, save the changes, and retry the integration.
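
A pre-flight check for the two failure modes above, run before pasting the values into the DataBee feed. This is an added example, not code from DataBee or CrowdStrike. It assumes the token endpoint is the Base URL followed by /oauth2/token; the function names and the CS_BASE_URL, CS_CLIENT_ID and CS_CLIENT_SECRET environment variables are hypothetical.

```python
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/token"  # assumption: token endpoint path appended to the Base URL

def credential_problems(client_id, secret):
    """Flag the copy/paste defects the first troubleshooting tip warns about."""
    problems = []
    for name, value in (("Client ID", client_id), ("Secret", secret)):
        if not value:
            problems.append(f"{name} is empty")
        elif any(c.isspace() or not c.isprintable() for c in value):
            problems.append(f"{name} contains spaces or unexpected characters")
    return problems

def token_url(base_url):
    """Derive the Token URL from the Base URL copied from the CrowdStrike console."""
    parts = urllib.parse.urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Base URL must be an https:// URL")
    return f"https://{parts.netloc}{TOKEN_PATH}"

def diagnose(status, body):
    """Map an HTTP status and response body to the matching troubleshooting tip."""
    text = body.lower()
    if "invalid_client" in text or "unauthorized_client" in text:
        return "credentials: re-create the token and reconfigure the DataBee feed"
    if status == 403:
        return "scope: add the missing Read scope to the API client and retry"
    return "ok" if 200 <= status < 300 else f"unexpected: HTTP {status}"

def request_token(base_url, client_id, secret):
    """POST the client credentials; return (status, body) without logging the secret."""
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": secret})
    req = urllib.request.Request(token_url(base_url), data=form.encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

if __name__ == "__main__":  # hypothetical CS_* environment variable names
    cid, sec = os.environ.get("CS_CLIENT_ID", ""), os.environ.get("CS_CLIENT_SECRET", "")
    issues = credential_problems(cid, sec)
    print("; ".join(issues) or diagnose(*request_token(os.environ["CS_BASE_URL"], cid, sec)))
```

Supplying the credentials through environment variables keeps the Secret out of shell history and out of the script's output.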

