Crowdstrike
Integrating Crowdstrike with ThreatDefence
Step 1: Enable Auditing in Crowdstrike
To define a Crowdstrike API client and integrate it with ThreatDefence, follow these steps:
-
Access Crowdstrike Falcon UI:
- Log in to the Crowdstrike Falcon UI: https://falcon.crowdstrike.com with credentials that have been designated as Falcon Administrator role.
-
Navigate to API Clients and Keys:
- In the Falcon UI, navigate to Support and resources > API Clients and Keys. Here, you can view existing clients, add new API clients, or view the audit log.
- In the Falcon UI, navigate to Support and resources > API Clients and Keys. Here, you can view existing clients, add new API clients, or view the audit log.
-
Add a New API Client:
-
Click on "Add new API Client" and provide a descriptive name for the client.
-
Select the appropriate API scopes based on your integration requirements. Event streams is required.
-
-
Save Client Information:
- After saving the new API client, you will be presented with the Client ID and Client Secret.
- The Client Secret will only be shown once and should be stored securely.
- In case the Client Secret is lost, a reset must be performed, and any applications relying on it will need to be updated with the new credentials.
Step 2: Configuration in ThreatDefence
1. Provide ThreatDefence with Client Information:
-
Provide the following information to your ThreatDefence representative at support@threatdefence.com:
- Client ID.
- Client Secret.
- Base URL.
If you have any questions or need further assistance, please feel free to contact us at support@threatdefence.com