CrowdStrike Required Permissions
General
The user account used to connect the adapter must have the Assets:Read API scope permission.
Advanced Configuration
The following permissions are required for various Advanced Configurations:
Users
| Scope | Permission |
|---|---|
| User Management | Read |
Vulnerabilities
| Scope | Permission |
|---|---|
| vulnerabilities:read | Read |
Configuration Assessments
| Scope | Permission |
|---|---|
| Falcon Configuration Assessment:read | Read |
Axonius SaaS Applications Data
To fetch SaaS Applications data, the following permissions are required:
| Scope | Permission | Notes |
|---|---|---|
| Hosts | Read | |
| Host groups | Read | |
| IOC Management | Read | |
| Prevention policies | Read | |
| Detections | Read | |
| User Management | Read | |
| Sensor Update Policies | Read | |
| Indicators | Read | Requires the CrowdStrike Falcon Intelligence Add-on to be deployed. Required to discover shadow SaaS applications. |
| Vulnerabilities | Read | Requires an active subscription to the CrowdStrike Falcon Vulnerability module. It may help discover shadow SaaS applications. |
Application Settings
To fetch Application Settings:
Create a user with permissions to fetch Axonius SaaS Applications data.
The credentials supplied must be associated with the following permissions:
- View Quarantine File settings
- View Response policies
- The following scopes:
| Scope | Permission |
|---|---|
| Hosts | Read |
| Host groups | Read |
| IOC Management | Read |
| Prevention policies | Read |
| Sensor update policies | Write |
| Device Control Policies | Read |
Enforcement Actions
The following permissions are required to run CrowdStrike Enforcement Actions:
| Scope | Permission |
|---|---|
| Hosts | Write |
