.png?sv=2022-11-02&ss=b&srt=o&spr=https&st=2024-04-19T14%3A54%3A43Z&se=2024-04-19T15%3A04%3A43Z&sp=r&sig=tPa8tdYwjh9dG66Y08W28olxqk6tfNLcApVei3DkpGA%3D){kind=logo}
CrowdStrike Falcon Identity Protection (Preempt)
- 17 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
CrowdStrike Falcon Identity Protection (Preempt)
- Updated on 17 Apr 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
CrowdStrike Falcon Identity Protection (formerly Preempt) lets organizations reduce user risk on their attack surface and preempt threats in real-time with conditional access. It continuously analyzes, adapts and responds to threats based on identity, behavior, and risk to resolve insider threats and targeted attacks.
Note:
It is possible to connect using either CrowdStrike or Preempt credentials.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
- Users
Parameters
- Preempt Domain (required) - The hostname of the Preempt server.
- Preempt API Key (optional) - An API Key created in the Preempt console. In the Administration page, select Connectors > API Keys tab. Select API Token and then generate and copy an API key. Either use the API Key, or use CrowdStrike OAuth2. For more details, see Required Permissions.
- Use CrowdStrike OAuth2 - Select to authenticate using CrowdStrike OAuth2, in this case use the CrowdStrike Client ID and Secret.
- CrowdStrike Client ID and CrowdStrike Client Secret - Credentials for a CrowdStrike account. For more information, see CrowdStrike Falcon Required Permissions.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Note:
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
Do not fetch devices without 'Last Seen' (required, default: true) - Select whether to exclude devices that do not have 'last seen' indication.
Do not fetch devices without hostname (required, default: true) - Select whether to exclude devices that do not have a hostname.
Only fetch active Users (optional) - Select to only fetch users who aren't archived.
Ignore Programmatic users for device ownership (default: false) - Select this option to ignore the owner listed as device owner if it is a service account.
Filter by Domain - Toggle on filter by domain.
Domain list - Enter a comma-separated list of domains to filter by.
Rename risk factors - Select this option to rename risk factors.
Exclude devices with UNMANAGED_HOST risk status - Select this option to exclude devices with the risk factor type of 'UNMANAGED_HOST'.
Required Permissions
The value supplied in API Key must be associated with the following credentials:
| Credential | Permission |
|---|---|
| Identity Protection Assessment | Read |
| Identity Protection Detections | Read |
| Identity Protection Enforcement | Read |
| Identity Protection Entities | Read |
| Identity Protection GraphQL | Write |
| Identity Protection Health | Read |
| Identity Protection on-premise enablement | Read |
| Identity Protection Timeline | Read |
Was this article helpful?