CrowdStrike Falcon

The CrowdStrike Falcon platform delivers next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, and threat intelligence.

The CrowdStrike Falcon Adapter connection requires the following parameters:

  1. CrowdStrike Domain – Enter the hostname or IP address of the API server. Depending on your API version, this could be api.crowdstrike.com or falconapi.crowdstrike.com.
  2. Username / Client ID – Username (Old API) or Client ID (New API).
  3. API Key / Secret – API Key (Old API) or Client Secret (New API).
  4. Verify SSL – Choose whether to verify the SSL certificate of the server.
  5. HTTPS Proxy (optional) – Enter details if the connection to the API requires a proxy.


Connecting using the New API

To create credentials using the new API authentication method, follow the steps below.

  1. Log in to the Falcon admin panel.
  2. Go to Support > API Clients and Keys.
  3. Click Add new API Client and select read permissions for detections, hosts, host groups, prevention policies, and sensor update policies.
  4. Click Add and use the generated credentials.
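
Before entering the generated Client ID and Secret in the adapter, the credentials can be checked from the host that will make the connection. The script below is an added example, not part of the original article or of CrowdStrike's tooling; the function names are hypothetical, and the `/oauth2/token` path and form field names are assumptions about the New API that this page does not state.

```python
import json
import re
import ssl
import urllib.parse
import urllib.request


def build_token_request(domain, client_id, client_secret):
    """Build (without sending) the client-credentials token request."""
    host = domain.strip().lower()
    # The adapter field takes a bare hostname or IP: no scheme, path or userinfo.
    if not re.fullmatch(r"[a-z0-9.-]+", host):
        raise ValueError(f"domain must be a bare hostname or IP, got {domain!r}")
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}
    ).encode()
    # Assumption: /oauth2/token is the New API token path (not stated on this page).
    return urllib.request.Request(
        f"https://{host}/oauth2/token",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def tls_context(verify_ssl=True):
    """Mirror the 'Verify SSL' switch; verification stays on by default."""
    ctx = ssl.create_default_context()
    if not verify_ssl:
        # Order matters: check_hostname must be off before CERT_NONE is allowed.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def check_credentials(domain, client_id, client_secret,
                      verify_ssl=True, https_proxy=None):
    """Return True if the API issues a token; HTTPError is raised on rejection."""
    handlers = [urllib.request.HTTPSHandler(context=tls_context(verify_ssl))]
    if https_proxy:
        handlers.append(urllib.request.ProxyHandler({"https": https_proxy}))
    opener = urllib.request.build_opener(*handlers)
    request = build_token_request(domain, client_id, client_secret)
    with opener.open(request, timeout=15) as response:
        return "access_token" in json.load(response)
```

Read the secret from an environment variable or a secrets manager when calling `check_credentials`, so it does not end up in shell history or process listings.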

Connecting using the Old API

To use the Old API, follow the steps below.

  1. Verify you have a valid account in the CrowdStrike support portal. Information on the process is available at https://falcon.crowdstrike.com/support/documentation/2/query-api-reference. Additionally, you will need to create a GPG key pair prior to requesting the API key.
  2. Contact CrowdStrike Support and request they create an API key for the Query API. This is distinct from a regular API key (for the Falcon API), so please be explicit that you need access to the Query API when making the request. Please see the specific steps in the screenshot below:

image.png

  3. Enter the username and API key provided by CrowdStrike and the adapter is configured.