CrowdStrike
Usage
The CrowdStrike Block Type Response Integration offers a robust security solution tailored for enhancing defense against cyber threats. By leveraging CrowdStrike's industry-leading threat intelligence and response capabilities, this integration enables users to automate the process of identifying and blocking malicious activities in real time. Whether it's stopping a known malware attack or preventing suspicious IP addresses from accessing sensitive resources, the integration provides a streamlined way to enforce security policies and respond to threats.
Prerequisites
Before configuring the CrowdStrike block type response integration in Netography, you will need an API client set up in CrowdStrike.
Create an API Client
Within your CrowdStrike portal, go to Support and resources, then select API clients and keys.

Enter a name and description for your Netography CrowdStrike Response integration. Ensure that Read and Write are checked for the Hosts API scope as shown below, then click ADD to create the API client.

Once created, copy the CLIENT ID, SECRET, and BASE URL. These values will be used to configure the CrowdStrike response integration in Netography.
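A quick way to confirm the new API client works before entering it in Netography, as an added example that is not part of the Netography or CrowdStrike documentation: it requests an OAuth2 token from the BASE URL and makes one Hosts read query. The environment variable names CS_BASE_URL, CS_CLIENT_ID and CS_SECRET are assumptions, and only the Read half of the Hosts scope is exercised.

```python
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request


def normalize_base_url(base_url):
    """Return the BASE URL as scheme plus host; refuse anything that is not HTTPS."""
    parts = urllib.parse.urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("BASE URL must be an https:// URL")
    return f"https://{parts.netloc}"


def token_request(base_url, client_id, secret):
    """OAuth2 client-credentials request; the secret travels in the POST body only."""
    body = urllib.parse.urlencode({"client_id": client_id, "client_secret": secret})
    return urllib.request.Request(
        normalize_base_url(base_url) + "/oauth2/token",
        data=body.encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def hosts_read_request(base_url, token):
    """Smallest Hosts query (one device ID); a 403 here points at a missing Hosts scope."""
    return urllib.request.Request(
        normalize_base_url(base_url) + "/devices/queries/devices/v1?limit=1",
        headers={"Authorization": f"Bearer {token}"})


def check(base_url, client_id, secret):
    """Return (ok, message) without echoing the secret or the token."""
    step = "token request"
    try:
        with urllib.request.urlopen(token_request(base_url, client_id, secret), timeout=15) as r:
            token = json.load(r)["access_token"]
        step = "Hosts read query"
        with urllib.request.urlopen(hosts_read_request(base_url, token), timeout=15):
            return True, "token issued and Hosts read access confirmed"
    except urllib.error.HTTPError as e:
        return False, f"{step} failed: HTTP {e.code}"
    except urllib.error.URLError as e:
        return False, f"{step} failed: cannot reach API ({e.reason})"


if __name__ == "__main__":
    # Assumed variable names; reading from the environment keeps values off the command line.
    ok, msg = check(os.environ["CS_BASE_URL"], os.environ["CS_CLIENT_ID"], os.environ["CS_SECRET"])
    print(msg)
    sys.exit(0 if ok else 1)
```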
Netography Portal Steps
In Settings > Response Integrations, click Add Integration. Select CrowdStrike.

Configuration
The following fields are specific to the CrowdStrike integration.
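| Field | Type | Required | Description | Value |
| --- | --- | --- | --- | --- |
| API URL | string | yes | The CrowdStrike BASE_URL | |
| Factors | string | yes | Additional information regarding the integration | srcip |
| Expiration | integer | | Number of seconds the blocklist will remain active | |
| Max | integer | | Limit on number of blocks | 1000 |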
Authentication
The following fields are necessary for the integration to authenticate with CrowdStrike.
| Field | Required | Description |
| --- | --- | --- |
| Client ID | yes | The CrowdStrike CLIENT ID |
| Client Secret | yes | The CrowdStrike SECRET |