CrowdStrike Falcon Discover
  • 13 Mar 2024


CrowdStrike Falcon Discover is a network security monitoring tool that provides real-time visibility into devices, users, and applications.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Host Name or IP Address (required, default api.crowdstrike.com) - The hostname or IP address of the CrowdStrike Falcon Discover server.

  2. Client ID and Client Secret (required) - The Client ID and Client Secret. Refer to Creating Credentials for information about how to create the Client ID and Client Secret.

  3. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  4. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

  5. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  6. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.



Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Fetch applications - Select this option to fetch applications (installed software) on each device.
  2. Only fetch applications used in the last X days (leave 0 for all) - Enter a value higher than zero and select Fetch applications in order to fetch only applications used within the selected number of days. Leave 0 (default) to fetch all applications, regardless of the last used timestamp.
  3. Filter installed software - Toggle on this setting to filter the installed software.
    • Require software name - Only populate installed software if the software has a name.
    • Use file name if no software name - If the software does not have a name, use the file name.
    • Filter by software name - Toggle on to filter by software name. Select either Include or Exclude to set software names that will either be included or excluded in the fetch.
      • List - Enter a comma-separated list of software names to either exclude or include.
  4. Fetch IoT devices - Select this option to fetch the IoT devices from the discover/queries/iot-hosts/v1 endpoint.
  5. Fetch only latest software versions - Enable this option to choose only the device with the latest last-seen timestamp.
  6. Fetch users - Toggle on this option to fetch users.

Advanced device filtering

  • Filter devices - Toggle on this option to filter devices and configure relevant settings.

  • Filter by data providers - Toggle on to filter by data providers. Select either Include or Exclude to set data providers that will either be included or excluded in the fetch.

    • List - In the field, enter data providers to either exclude or include.
  • Filter by discoverer count - Toggle on to filter devices by their discoverer count field. Select Greater than if devices need more discoverers in order to be fetched or Less than if devices need fewer discoverers in order to be fetched.

    • Amount - Set the number of discoverers required by a device.

Separate historical IP addresses

  • Separate historical IP addresses - Toggle on to configure a pattern to apply to an interface alias in order to identify a historical IP address and record it separately from current IP addresses. Historical IP addresses will not be taken into account for device correlation but will remain queryable, if desired.
    • Interface alias regex pattern - In the field, enter a regex pattern to apply to an interface alias in order to identify a historical IP address.
  1. Ingest devices only if type is "managed" - Select this option to only fetch devices whose type is "managed".
  2. Ingest devices only if Product Type exists - Select this option to only ingest devices if the Product Type field exists on the device.
  3. Ingest devices only if hostname exists - Select this option to only ingest devices if the hostname field exists on the device.
Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
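A way to check a candidate Interface alias regex pattern against sample aliases before saving it, as an added example that is not Axonius code. The alias strings, the use of an unanchored search, and the rule that an address still bound to a non-matching interface stays current are assumptions made for illustration.

```python
import re

# Constructed sample: (interface alias, IP) pairs. The alias format is an
# assumption for illustration; check the aliases on your own assets.
SAMPLE_INTERFACES = [
    ("Ethernet0", "10.20.1.15"),
    ("historical-2024-01-10", "10.20.7.44"),
    ("Wi-Fi", "192.168.1.23"),
    ("historical-2023-11-02", "10.20.1.15"),
    ("", "172.16.4.9"),
]


def compile_alias_pattern(pattern):
    """Compile the candidate pattern, rejecting empty or match-everything input."""
    if not pattern or not pattern.strip():
        raise ValueError("pattern is empty")
    compiled = re.compile(pattern)  # raises re.error on invalid syntax
    if compiled.search(""):
        raise ValueError("pattern matches an empty alias; every IP would be historical")
    return compiled


def split_ips(interfaces, pattern):
    """Return (current, historical) IP lists, order preserved, no duplicates."""
    compiled = compile_alias_pattern(pattern)
    current, historical = [], []
    for alias, ip in interfaces:
        # Assumption: the pattern is searched anywhere in the alias.
        bucket = historical if compiled.search(alias or "") else current
        if ip not in bucket:
            bucket.append(ip)
    # Assumption: an address still bound to a live interface stays current only.
    historical = [ip for ip in historical if ip not in current]
    return current, historical


def correlation_ips(interfaces, pattern):
    """IPs that would still take part in device correlation under this pattern."""
    return split_ips(interfaces, pattern)[0]


if __name__ == "__main__":
    cur, hist = split_ips(SAMPLE_INTERFACES, r"^historical-\d{4}-\d{2}-\d{2}$")
    print("current:", cur)
    print("historical:", hist)
```

Running it with a loose pattern such as `i` shows the failure mode to watch for: the `Wi-Fi` address moves to the historical list and drops out of correlation.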


APIs

Axonius uses:


Required Permissions

The value supplied in Client ID must have Read permissions in order to fetch assets.

Supported From Version

Supported from Axonius version 4.8


