CrowdStrike Falcon Discover

Connection Requirements

1 - Domain

The domain of the CrowdStrike.

2 - Client ID

Generated Client ID for a user that has the permissions to fetch asset details.

3 - Client Secret

Generated Client Secret Key for a user that has the permissions to fetch asset details.

To define a CrowdStrike API client, you must be assigned the Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API Client is created or reset.

You can follow the steps below.

  1. When logged into the Falcon UI, navigate to Support > API Clients and Keys.

  2. From there you can view existing clients, add new API clients, or view the audit log. When you click

  3. Add new API Client” you will be prompted to give a descriptive name and select the appropriate API scopes. For Discover following read permission are required. Identity Protection AssessmentIdentity Protection DetectionsIdentity Protection EnforcementIdentity Protection EntitiesIdentity Protection Timeline

  4. After you click save, you will be presented with the Client ID and Client Secret.

The secret will only shown once and must be saved somewhere.

4 - SSL

Use SSL for connection (optional, default: Encrypted).

5 - Timeout

Timeout for return API call (default: 30)

6 - Fetch Installed Software

Choose if you'd like to fetch installed software information(default: True)

Last updated

Was this helpful?