- 30 Oct 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
CrowdStrike Falcon Discover
- Updated on 30 Oct 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
CrowdStrike Falcon Discover is a network security monitoring tool that provides real-time visibility into devices, users, and applications.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
Parameters
Host Name or IP Address (required, default api.crowdstrike.com) - The hostname or IP address of the CrowdStrike Falcon Discover server.
Client ID Client Secret (required) - The Client ID and Client Secret. Refer creating credentials for information about how to create the Client ID and Client Secret.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Fetch applications - Select this option to fetch applications (installed software) on each device.
- Ingest devices only if type is "managed" - Select this option to only fetch devices whose type is "managed".
- Ingest devices only if Product Type exists - Select this option to only ingest devices if the Product Type field exists on the device.
- Filter installed software - Toggle on this setting to filter the installed software.
- Require software name - Only populate installed software if the software has a name.
- Use file name if no software name - If the software does not have a name, use the file name.
- Fetch only latest software versions - Enable this option to choose only the device with the latest last-seen timestamp.
- Fetch IoT devices - Select this option to fetch the IoT devices from the
discover/queries/iot-hosts/v1
endpoint.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Axonius uses:
CrowdStrike Falcon Discover Applications (for the Advanced setting, 'Fetch applications')
Required Permissions
The value supplied in Client ID must have Read permissions in order to fetch assets.
Supported From Version
Supported from Axonius version 4.8