# CrowdStrike

## Usage <a href="#usage" id="usage"></a>

The Crowdstrike Block Type Response Integration offers a robust security solution tailored for enhancing defense against cyber threats. By leveraging Crowdstrike's industry-leading threat intelligence and response capabilities, this integration enables users to automate the process of identifying and blocking malicious activities in real-time. Whether it's stopping a known malware attack or preventing suspicious IP addresses from accessing sensitive resources, the integration provides a streamlined way to enforce security policies and respond to threats.

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before configuring the Crowdstrike block type response integration in Netography, you will need to have an API Client setup from Crowdstrike.

### Create an API Client <a href="#create-an-api-client" id="create-an-api-client"></a>

1. Within your CrowdStrike portal, go to **support and resources**, then select **API clients and keys**

   ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-6de9358d38c00d61508e543236940ab91c5fb6ca%2Fd2639d3a8f446f0e7fc60fdcdba8d48e78852f602367a49c18eb2e3602f86140.png?alt=media)
2. Input a name and description for your Netography Crowdstrike Response integration. Ensure that **Read** and **Write** are checked for the Hosts API scope as shown below, and click **ADD** to create your API client details to use.

   ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-7193f30e579031581a21fd218774c1dd688b29e5%2Fdd972cc439bd1fc752a305f5f500d438aab7af78d1354e9e7f4cf07fb7e7b695.png?alt=media)
3. Once created, copy the `CLIENT ID`, `SECRET`, `BASE URL`. These values will be used to onfigure the CrowdStrike response integration in Netography.

   ![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-8c2fbe822e766a2f7f7dc128a3e6eced35274841%2F21c6912e5906557c80aea25590d989412d94f3294bd8749f72016ea3de5a226e.png?alt=media)

## Netography Portal Steps <a href="#netography-portal-steps" id="netography-portal-steps"></a>

In **Settings > Response Integrations**, click **Add Integration**. Select **Crowdstrike**

![](https://1075194167-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7upncbzIm3grJePXaOO9%2Fuploads%2Fgit-blob-0191553fb50e44d4b3d51f9161864bb3fd43634b%2F2784dca400448e309357dc67c8ff1c7cebcd26059706a5a762c78a125bb64d1d.png?alt=media)

### Configuration <a href="#configuration" id="configuration"></a>

The following fields are specific to the CrowdStrike integration.

| Field        | Type    | Required | Description                                        | Examples |
| ------------ | ------- | -------- | -------------------------------------------------- | -------- |
| `API URL`    | string  | yes      | The CrowdStrike `BASE_URL`                         |          |
| `Factors`    | string  | yes      | Additional information regarding the integration   | srcip    |
| `Expiration` | integer |          | Number of seconds the blocklist will remain active |          |
| `Max`        | integer |          | Limit on number of blocks                          | 1000     |

### Authentication <a href="#authentication" id="authentication"></a>

The following fields are necessary for the integration to authenticate with CrowdStrike.

| Field           | Required | Description                 |
| --------------- | -------- | --------------------------- |
| `Client ID`     | yes      | The CrowdStrike `CLIENT ID` |
| `Client Secret` | yes      | The CrowdStrike `SECRET`    |