CrowdStrike Falcon

Overview

CrowdStrike Falcon is a cloud-native endpoint protection platform that provides next-generation antivirus (NGAV), endpoint detection and response (EDR), managed threat hunting, vulnerability management, and threat intelligence. The Axonius CrowdStrike Falcon adapter enables visibility into endpoint devices, vulnerabilities, users, roles, alerts, and configuration data to support SaaS Application management, endpoint coverage audits, and incident response workflows.

📘

Note

If you are using CrowdStrike Falcon Identity Protection (formerly Preempt), you need to use the CrowdStrike Falcon Identity Protection adapter.

Use Cases the Adapter Solves

The CrowdStrike Falcon adapter provides insight into endpoint security coverage and device health across the organization. It helps identify endpoints without Falcon agents, outdated agent versions, and devices that may be unmanaged or misconfigured.

By correlating CrowdStrike Falcon data with other Axonius data sources, organizations can:

• Audit endpoint protection coverage
• Identify unmanaged or unprotected devices
• Enrich endpoint context with business and ownership data
• Track vulnerabilities and security posture
• Support incident response and remediation workflows

Types of Assets Fetched

Devices | Aggregated Security Findings | Users | Roles | Application Settings | SaaS Applications | Domains & URLs | Containers | Alerts/Incidents | Accounts/Tenants

Before You Begin

Authentication Methods

The CrowdStrike Falcon adapter supports authentication using:

• Client ID / Client Secret – Required for connecting the adapter.
• Username / Password - Required for fetching Application Settings.

Required Permissions

More Information About This Adapter

Deploying the CrowdStrike Falcon Adapter

CrowdStrike Falcon Additional Permissions

CrowdStrike Falcon Advanced Settings

CrowdStrike Falcon Related Enforcement Actions