The CrowdStrike Falcon platform delivers next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, and threat intelligence.
The CrowdStrike Falcon Adapter connection requires the following parameters:
- CrowdStrike Domain – Enter the hostname or IP address of the API server. Depending on your API version, this could be api.crowdstrike.com or falconapi.crowdstrike.com.
- Username / Client ID – Username (Old API) or Client ID (New API).
- API Key / Secret – API Key (Old API) or Client Secret (New API).
- Verify SSL – Choose whether to verify the SSL certificate of the server.
- HTTPS Proxy (optional) – Enter details if the connection to the API requires a proxy.
Connecting using the New API
To create credentials using the new API authentication method, follow the steps below.
- Log in to the Falcon admin panel.
- Go to Support > API Clients and Keys.
- Click Add new API Client and select read permissions for detections, hosts, host groups, prevention policies, and sensor update policies.
- Click Add and use the generated credentials.
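One way to confirm that the generated Client ID and Secret work, with certificate verification on, before entering them in the adapter. This is an added example, not part of the original page or the adapter's own code. It assumes the New API's OAuth2 client-credentials endpoint `/oauth2/token`; the function names and the `FALCON_*` environment variables are hypothetical.

```python
import json
import os
import ssl
import urllib.error
import urllib.parse
import urllib.request

def build_token_request(domain, client_id, client_secret):
    """Build the client-credentials POST for the New API (assumed path: /oauth2/token)."""
    if "://" in domain or "/" in domain:
        raise ValueError("domain must be a bare hostname or IP, e.g. api.crowdstrike.com")
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(
        f"https://{domain}/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def build_opener(verify_ssl=True, https_proxy=None):
    """Map the adapter's 'Verify SSL' and 'HTTPS Proxy' fields onto a urllib opener."""
    ctx = ssl.create_default_context()   # verifies certificate chain and hostname
    if not verify_ssl:                   # mirrors unchecking 'Verify SSL'
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    # An empty mapping disables proxies instead of reading them from the environment.
    proxy = urllib.request.ProxyHandler({"https": https_proxy} if https_proxy else {})
    return urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx), proxy), ctx

def check_credentials(domain, client_id, client_secret, verify_ssl=True, https_proxy=None):
    """Request a token; return a summary that never contains the secret or the token."""
    opener, _ = build_opener(verify_ssl, https_proxy)
    req = build_token_request(domain, client_id, client_secret)
    try:
        with opener.open(req, timeout=15) as resp:
            payload = json.load(resp)
            return {"ok": bool(payload.get("access_token")), "status": resp.status,
                    "expires_in": payload.get("expires_in")}
    except urllib.error.HTTPError as e:  # e.g. rejected Client ID or Secret
        return {"ok": False, "status": e.code, "expires_in": None}

if __name__ == "__main__":
    # Hypothetical variable names; keep the secret out of shell history and logs.
    print(check_credentials(os.environ.get("FALCON_DOMAIN", "api.crowdstrike.com"),
                            os.environ["FALCON_CLIENT_ID"],
                            os.environ["FALCON_CLIENT_SECRET"],
                            https_proxy=os.environ.get("FALCON_HTTPS_PROXY")))
```

A certificate failure surfaces as `urllib.error.URLError` rather than a summary, which distinguishes a TLS interception or proxy problem from rejected credentials.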
Connecting using the Old API
To use the Old API, follow the steps below.
- Verify you have a valid account in the CrowdStrike support portal. Information on the process is available at the link below. Additionally, you will need to create a GPG key pair prior to requesting the API key. https://falcon.crowdstrike.com/support/documentation/2/query-api-reference
- Contact CrowdStrike Support and request they create an API key for the Query API. This is distinct from a regular API key (for the Falcon API), so please be explicit that you need access to the Query API when making the request. Please see the specific steps in the screenshot below:
- Enter the username and API key provided by CrowdStrike and the adapter is configured.