search

Falcon CrowdStrike IDP

hashtag
Connection Requirements

1

hashtag
Domain

The domain of the CrowdStrike.

circle-info

Default: https://api.crowdstrike.com

2

hashtag
Client ID

Generated Client ID for a user that has the permissions to fetch asset details.

3

hashtag
Client Secret

Generated Client Secret Key for a user that has the permissions to fetch asset details.

circle-info

You can follow the steps below. To define a CrowdStrike API client, you must be assigned the Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API Client is created or reset.

When logged into the Falcon UI, navigate to Support > API Clients and Keys and then:

  • View existing clients, add new API clients, or view the audit log.

  • Click “Add new API Client”, give a descriptive name and select the appropriate API scopes. The read scope for "Identity Protection Entities" should suffice.

  • After you click save, you will be presented with the Client ID and Client Secret.

circle-info

Note: The secret will only be shown once and must be saved somewhere.

4

hashtag
SSL

Use SSL for connection (optional, default: Encrypted).

5

hashtag
Timeout

Timeout for return API call (default: 30)

circle-exclamation

Required Permissions

The value supplied in API Key must be associated with the following credentials:

  • Identity Protection Assessment: Read

  • Identity Protection Detections: Read

  • Identity Protection Enforcement: Read

  • Identity Protection Entities: Read

  • Identity Protection GraphQL: Write

  • Identity Protection Health: Read

  • Identity Protection on-premise enablement: Read

  • Identity Protection Timeline: Read

circle-exclamation

Attention

Please perform a connection test to ensure there is a valid connection to the host. When the discovery operation is finalized, you will be able to see the details on the Assets page.

PreviousFalcon CrowdStrike SpotlightNextFalcon CrowdStrike Forensics

Was this helpful?