CrowdStrike Falcon Identity Protection (Preempt)
  • 13 Jul 2022
  • 1 Minute to read
  • Dark
    Light
  • PDF

CrowdStrike Falcon Identity Protection (Preempt)

  • Dark
    Light
  • PDF

CrowdStrike Falcon Identity Protection (formerly Preempt) lets organizations reduce user risk on their attack surface and preempt threats in real-time with conditional access. It continuously analyzes, adapts and responds to threats based on identity, behavior, and risk to resolve insider threats and targeted attacks.

Note:

It is possible to connect using either CrowdStrike or Preempt credentials.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Preempt Domain (required) - The hostname of the Preempt server.
  2. Preempt API Key (optional) - An API Key created in the Preempt console. In the Administration page, select Connectors > API Keys tab. Select API Token and then generate and copy an API key. Either use the API Key, or use CrowdStrike OAuth2. For more details, see Required Permissions.
  3. Use CrowdStrike OAuth2 - Select to authenticate using CrowdStrike OAuth2, in this case use the CrowdStrike Client ID and Secret.
  4. CrowdStrike Client ID and CrowdStrike Client Secret - Credentials for a CrowdStrike account. For more information, see CrowdStrike Falcon Required Permissions.
  5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
  6. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

CRowdstrickeFalconIdentityProtection

Advanced Settings

Note:

From Version 4.6, Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Do not fetch devices without 'Last Seen' (required, default: true) - Select whether to exclude devices that do not have 'last seen' indication.

  2. Do not fetch devices without hostname (required, default: true) - Select whether to exclude devices that do not have a hostname.

Required Permissions

The value supplied in API Key must be associated with the following credentials:

Credential Permission
Identity Protection Assessment Read
Identity Protection Detections Read
Identity Protection Enforcement Read
Identity Protection Entities Read
Identity Protection GraphQL Write
Identity Protection Health Read
Identity Protection on-premise enablement Read
Identity Protection Timeline Read



What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.