CrowdStrike Falcon Discover

Connection Requirements

1 - Domain

The domain of the CrowdStrike.

Default: https://api.crowdstrike.com

The domain may change depending on the region where the server is located. You can find the domain information where we created the Client ID and Client Secret information.

2 - Client ID

Generated Client ID for a user that has the permissions to fetch asset details.

3 - Client Secret

Generated Client Secret Key for a user that has the permissions to fetch asset details.

To define a CrowdStrike API client, you must be assigned the Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API Client is created or reset.

You can follow the steps below.

  1. When logged into the Falcon UI, navigate to Support > API Clients and Keys.

  2. From there you can view existing clients, add new API clients, or view the audit log. When you click

  3. Add new API Client” you will be prompted to give a descriptive name and select the appropriate API scopes. For Discover following read permission are required. Identity Protection AssessmentIdentity Protection DetectionsIdentity Protection EnforcementIdentity Protection EntitiesIdentity Protection Timeline

  4. After you click save, you will be presented with the Client ID and Client Secret.

The secret will only shown once and must be saved somewhere.

4 - SSL

Use SSL for connection (optional, default: Encrypted).

5 - Timeout

Timeout for return API call (default: 30)

6 - Fetch Installed Software

Choose if you'd like to fetch installed software information(default: True)

Attention

Please perform a connection test to ensure there is a valid connection to the CrowdStrike Falcon Discover host. When the discovery operation finalized you will be able to see the details on Assets page.

PreviousCrowdStrike FalconNextCrowdStrike Falcon IDP

Last updated

Was this helpful?