CrowdStrike
Block Type Response Integration
Usage
The CrowdStrike Block Type Response Integration offers a robust security solution tailored for enhancing defense against cyber threats. By leveraging CrowdStrike's industry-leading threat intelligence and response capabilities, this integration enables users to automate the process of identifying and blocking malicious activities in real time. Whether it's stopping a known malware attack or preventing suspicious IP addresses from accessing sensitive resources, the integration provides a streamlined way to enforce security policies and respond to threats.
Prerequisites
Before configuring the CrowdStrike block type response integration in Netography, you will need to have an API client set up in CrowdStrike.
Create an API Client
- Within your CrowdStrike portal, go to Support and resources, then select API clients and keys.
- Input a name and description for your Netography CrowdStrike Response integration. Ensure that Read and Write are checked for the Hosts API scope, and click ADD to create the API client details.
- Once created, copy the CLIENT ID, SECRET, and BASE URL. These values will be used to configure the CrowdStrike response integration in Netography.
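Before entering the copied values in Netography, the new API client can be checked from a workstation. The following is an added example, not code from Netography or CrowdStrike: it requests an OAuth2 token from the BASE URL with the CLIENT ID and SECRET, then makes a one-record Hosts query to confirm the Read scope. The Write scope is not exercised, and the environment variable names are assumptions.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def token_request(base_url, client_id, secret):
    """Build the OAuth2 client-credentials POST to <BASE URL>/oauth2/token."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("BASE URL must use https")
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": secret})
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth2/token",
        data=form.encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def check_api_client(base_url, client_id, secret, opener=urllib.request.urlopen):
    """Report whether the credentials authenticate and can read the Hosts API."""
    result = {"authenticated": False, "hosts_read": False, "error": None}
    stage = "token request"
    try:
        with opener(token_request(base_url, client_id, secret)) as resp:
            token = json.load(resp)["access_token"]
        result["authenticated"] = True
        stage = "hosts probe"
        # A one-record host ID query succeeds only when Hosts: Read is granted.
        probe = urllib.request.Request(
            base_url.rstrip("/") + "/devices/queries/devices/v1?limit=1",
            headers={"Authorization": "Bearer " + token},
        )
        with opener(probe) as resp:
            result["hosts_read"] = resp.status == 200
    except urllib.error.HTTPError as exc:
        # Token stage: ID/secret rejected. Probe stage: scope missing or token refused.
        result["error"] = "HTTP %d during %s" % (exc.code, stage)
    except (urllib.error.URLError, KeyError, ValueError) as exc:
        result["error"] = "%s during %s" % (type(exc).__name__, stage)
    return result


if __name__ == "__main__":
    # Environment variable names are assumptions made for this example.
    print(check_api_client(os.environ["CS_BASE_URL"], os.environ["CS_CLIENT_ID"],
                           os.environ["CS_CLIENT_SECRET"]))
```

Reading the SECRET from the environment keeps it out of shell history and process arguments.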
Netography Portal Steps
In Settings > Response Integrations, click Add Integration. Select CrowdStrike.
Configuration
The following fields are specific to the CrowdStrike integration.
Field | Type | Required | Description | Examples |
---|---|---|---|---|
API URL | string | yes | The CrowdStrike BASE_URL | |
Factors | string | yes | Additional information regarding the integration | srcip |
Expiration | integer | | Number of seconds the blocklist will remain active | |
Max | integer | | Limit on number of blocks | 1000 |
Authentication
The following fields are necessary for the integration to authenticate with CrowdStrike.
Field | Required | Description |
---|---|---|
Client ID | yes | The CrowdStrike CLIENT ID |
Client Secret | yes | The CrowdStrike SECRET |