CrowdStrike

Overview

Before notifications can be pulled from CrowdStrike, API access must be enabled and the resulting connection details provided for integration setup. This document describes the basic setup for log collection using the Falcon Streaming API.

Enable API Access

First, a valid support account must submit a request to CrowdStrike support for access to the Falcon Streaming API. CrowdStrike support will work with the requestor on this setup.

Create an API Client

Once enabled, an API Client needs to be created.

  1. Go to the Support > API Clients and Keys page of the CrowdStrike interface.
  2. Create an API Client by clicking Add new API Client.
  3. Enter a descriptive Client name that identifies the API client in Falcon and in API action logs.
  4. Under API Scopes, check the Read boxes for the Detections, Incidents, and Event Streams scopes.
  5. Click Add.
Note: You must have the Falcon Administrator role to view, create, or modify API clients or keys. Even with that role, you can only see an API client's secret when you create or reset the secret.

Note the API Base URL

Directly above the API Clients and Keys table is a listing for Base URL. Note its value.

Provide Information

The API URL, API client ID and API client secret should now be available to complete the setup and start log collection. Provide these values to your service representative or use them for self-service configuration following the "Configuring a new Service Connector for log collection" guide.
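
A pre-flight check of the three values before they are handed over, as an added example that is not part of the original guide or CrowdStrike's own code. It requests an OAuth2 token and then lists the event streams, which confirms the Event Streams read scope. The endpoint paths `/oauth2/token` and `/sensors/entities/datafeed/v2`, the `appId` value and the `FALCON_*` environment variable names are assumptions not stated on this page.

```python
import json
import os
import urllib.parse
import urllib.request


def token_request(base_url, client_id, client_secret):
    """Build the OAuth2 client-credentials request; refuse non-HTTPS base URLs."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("Base URL must use https so the secret is never sent in clear")
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def datafeed_request(base_url, access_token, app_id="preflightcheck"):
    """Build the event stream discovery request (assumed to need Event Streams: Read)."""
    # app_id is a hypothetical label; keep it distinct from the production connector's.
    url = (base_url.rstrip("/") + "/sensors/entities/datafeed/v2?"
           + urllib.parse.urlencode({"appId": app_id}))
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token})


def preflight(base_url, client_id, client_secret, send=urllib.request.urlopen):
    """Return the number of event streams the API client can read.

    `send` is injectable so the check can be exercised without network access.
    """
    with send(token_request(base_url, client_id, client_secret)) as resp:
        token = json.load(resp)["access_token"]
    with send(datafeed_request(base_url, token)) as resp:
        return len(json.load(resp).get("resources") or [])


if __name__ == "__main__":
    # Read the values from the environment so the secret never appears in
    # shell history or in the script itself.
    n = preflight(os.environ["FALCON_BASE_URL"], os.environ["FALCON_CLIENT_ID"],
                  os.environ["FALCON_CLIENT_SECRET"])
    print(f"credentials valid; {n} event stream(s) readable")
```

An HTTP 401 or 403 surfaces as `urllib.error.HTTPError`: on the token call it points to a wrong client ID or secret, on the stream call to a missing scope.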