Connecting the Adapter in Axonius
CrowdStrike Authentication Methods
- To fetch Application Settings: You must provide Admin User Name, Admin Password, and 2FA Secret Key (if required).
- To fetch other asset types: You must provide User Name / Client ID and API Key / Client Secret.
Creating Credentials - Latest API
To create credentials using the Latest API authentication method:
- Log in to the Falcon admin panel.
- Go to Support > API Clients and Keys.
- Click Add new API Client and select Read permissions as defined above.
- Click Add and use the generated credentials.
Connecting the Adapter
Required Parameters
For all asset types:
- CrowdStrike Domain - The hostname of the API server. Could be one of the following:
- https://api.crowdstrike.com or https://api.us-2.crowdstrike.com (for v2 API - US region)
- https://api.eu-1.crowdstrike.com/ (for v2 API - EU region)
- https://api.laggar.gcw.crowdstrike.com/ (for v2 API - Government)
For all asset types except for Application Settings:
- User Name / Client ID and API Key / Client Secret - The credentials for a user account that has the Required Permissions to fetch assets.
Note
Client ID and API Secret are required if you're using the latest (v2) API.
To fetch Application Settings:
- Admin User Name - The value you enter in the User Name field in CrowdStrike for the new user you created to allow Axonius to fetch Axonius SaaS Applications data.
- Admin Password - The password you set for the new user in CrowdStrike.
- 2FA Secret Key - The secret generated in CrowdStrike for setting up 2-factor authentication for the CrowdStrike user created for collecting Axonius SaaS Applications data.
Optional Parameters
- Member CID - Specify a CrowdStrike CID to fetch data from all tenants associated with it.
- If supplied, Axonius will fetch data from all tenants associated with the Member CID (customer identification).
- If not supplied, Axonius will only fetch data from the main tenant.
- Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
- Ignore devices that have not been seen by this connection in the last X hours - Select whether to avoid fetching old devices that are no longer part of your network, but that still exist in the present adapter connection.
- If selected, the present connection for the adapter will only fetch device information if that device asset entity has been seen by the adapter connection ('Last Seen' field) in the last specified number of hours. For example, if the value is 2160 hours, any device asset entity not identified by the present adapter connection in the last 90 days will not be pulled into Axonius.
- If cleared, all connections for the adapter will function per the configuration in Advanced Settings of the Ignore devices that have not been seen by this connection in the last X hours option. For more information, see Adapter Advanced Settings.
- Threat Graph API User and Threat Graph API Key - Fetch data from CrowdStrike Threat Graph API.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
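A pre-flight check of the parameters above, written as an added example (it is not Axonius or CrowdStrike code). The dictionary field names are hypothetical, the host list is only the set of hosts named on this page, and treating a disabled Verify SSL as a finding is this example's own policy.

```python
from urllib.parse import urlsplit

# API hosts this page lists for the CrowdStrike Domain field; extend if your
# tenant uses a host that is not listed here.
LISTED_HOSTS = {
    "api.crowdstrike.com",
    "api.us-2.crowdstrike.com",
    "api.eu-1.crowdstrike.com",
    "api.laggar.gcw.crowdstrike.com",
}

def check_connection(cfg, fetch_app_settings=False):
    """Return a list of problems in a connection dict (hypothetical field names)."""
    problems = []
    url = urlsplit(str(cfg.get("domain", "")).strip())
    if url.scheme != "https":
        problems.append("domain must be an https:// URL")
    if url.username or url.password:
        problems.append("domain must not embed credentials before '@'")
    if (url.hostname or "") not in LISTED_HOSTS:
        problems.append("domain host is not a listed CrowdStrike API host")
    if url.path not in ("", "/") or url.query or url.fragment:
        problems.append("domain must be a bare hostname with no path or query")
    # Application Settings uses the admin login; every other asset type uses
    # the API client credentials.
    if fetch_app_settings:
        required = ("admin_user_name", "admin_password")
    else:
        required = ("client_id", "client_secret")
    problems += [f"missing {name}" for name in required if not cfg.get(name)]
    if cfg.get("verify_ssl") is not True:
        problems.append("Verify SSL is off: the server certificate is not checked")
    hours = cfg.get("ignore_not_seen_hours")  # optional; 2160 hours = 90 days
    if hours is not None and (not isinstance(hours, int) or hours <= 0):
        problems.append("ignore-not-seen window must be a positive number of hours")
    return problems

if __name__ == "__main__":
    constructed = {  # constructed sample values, not real credentials
        "domain": "https://api.crowdstrike.com@example.net/",
        "client_id": "EXAMPLE_ID", "client_secret": "EXAMPLE_SECRET",
        "verify_ssl": False, "ignore_not_seen_hours": 2160,
    }
    for problem in check_connection(constructed):
        print("-", problem)
```

The host check compares the parsed hostname, so a lookalike such as `api.crowdstrike.com.example.net` or a URL with the real name placed before an `@` is rejected before any credentials are entered.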
Troubleshooting
If you get a 403 Client Error when trying to connect the adapter:
- Verify your API scopes.
- In the CrowdStrike Admin Console, add the IP address of your Axonius instance to your IP allow list.
