CrowdStrike Falcon

The CrowdStrike Falcon platform delivers next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, and threat intelligence.

The CrowdStrike Falcon Adapter connection requires the following parameters:

  1. CrowdStrike Domain – Enter the hostname or IP address of the API server. Depending on your API version, this could be api.crowdstrike.com or falconapi.crowdstrike.com.
  2. Username / Client ID – Username (Old API) or Client ID (New API).
  3. API Key / Secret – API Key (Old API) or Client Secret (New API).
  4. Verify SSL – Choose whether to verify the SSL certificate of the server.
  5. HTTPS Proxy (optional) – Enter details if the connection to the API requires a proxy.
  6. Choose Instance – If you are using multi-nodes, choose the Axonius node that is integrated with the adapter. By default, the 'Master' Axonius node (instance) is used. For details, see Connecting Additional Axonius Nodes.


Connecting using the New API

To create credentials using the new API authentication method, follow the steps below.

  1. Log in to the Falcon admin panel.
  2. Go to Support > API Clients and Keys.
  3. Click Add new API Client and select read permissions for detections, hosts, host groups, prevention policies, and sensor update policies.
  4. Click Add and use the generated credentials.
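
A pre-flight check for the generated Client ID and Client Secret before they are entered in the adapter, given here as an added example that is not Axonius or CrowdStrike code. It requests an OAuth2 token from the `/oauth2/token` endpoint of the configured domain and honors the Verify SSL and HTTPS Proxy choices; the function names are hypothetical, and treating HTTP 400, 401 and 403 as a rejected credential is an assumption.

```python
# Added example; function names are hypothetical and not part of any product.
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(domain, client_id, client_secret):
    """Build the OAuth2 token request made with a Client ID and Client Secret."""
    if "://" in domain or "/" in domain:
        raise ValueError("domain must be a bare hostname or IP, not a URL")
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}
    ).encode()
    return urllib.request.Request(
        f"https://{domain}/oauth2/token",
        data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def build_opener(verify_ssl=True, https_proxy=None):
    """Return (opener, TLS context) mirroring 'Verify SSL' and 'HTTPS Proxy'."""
    ctx = ssl.create_default_context()  # verifies chain and hostname by default
    if not verify_ssl:
        # Unverified TLS lets an on-path host read the client secret.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    proxies = {"https": https_proxy} if https_proxy else {}  # {} ignores env proxies
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx),
        urllib.request.ProxyHandler(proxies),
    )
    return opener, ctx


def check_credentials(domain, client_id, client_secret,
                      verify_ssl=True, https_proxy=None):
    """True if the API issues a token; False if it rejects the credentials."""
    opener, _ = build_opener(verify_ssl, https_proxy)
    request = build_token_request(domain, client_id, client_secret)
    try:
        with opener.open(request, timeout=15) as response:
            return "access_token" in json.load(response)
    except urllib.error.HTTPError as err:
        if err.code not in (400, 401, 403):  # assumed rejection codes
            raise  # 429 or 5xx says nothing about the credentials
        return False
```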

Connecting using the Old API

To use the Old API, follow the steps below.

  1. Verify you have a valid account in the CrowdStrike support portal. Information on the process is available at https://falcon.crowdstrike.com/support/documentation/2/query-api-reference. Additionally, you will need to create a GPG key pair before requesting the API key.
  2. Contact CrowdStrike Support and request they create an API key for the Query API. This is distinct from a regular API key (for the Falcon API), so please be explicit that you need access to the Query API when making the request. Please see the specific steps in the screenshot below:

image.png

  3. Enter the username and API key provided by CrowdStrike to complete the adapter configuration.

Configuring CrowdStrike Falcon Advanced Settings

To configure the CrowdStrike Falcon adapter advanced settings, open the CrowdStrike Falcon adapter screen, click Advanced Settings, and then click the CrowdStrike Configuration tab:

  • Get Devices Policies - Check this to fetch prevention policies associated with the devices.