CrowdStrike Falcon Discover
The CrowdStrike Falcon Discover module is required for this integration.
This document provides instructions for configuring CrowdStrike in order for the Netography Context Integration to have the correct access to pull label contexts.
Prerequisites
Before configuring the CrowdStrike Falcon Discover Context Integration in Netography, you will need to have an API user created in CrowdStrike.
Configure an API Client
-
On the left hand menu expand the "Support and resources" submenu.
-
Then click on API clients and keys.
-
Click on the "add new API client" button in the top right
-
Fill out the client name.
-
Give the key a description.
-
In the API Scopes table select Read permission for "Hosts" and "Assets.
-
Click Create at the bottom to create this api client.
-
After clicking "Create" you will be presented with a screen that shows the credentials like below. Make note of the
CLIENT ID
,SECRET
and subdomain from theBASE URL
.-
Note: The Subdomain of the base URL is what to select for Cloud abbreviation.
If the BASE URL is
api.crowdstrike.com
then your cloud is US-1.
-
Netography Portal Steps
Navigate to Integrations (make sure you are on the Context tab) and click "Add Integration", then select CrowdStrike Falcon Discover
Configuration
The following fields are specific to the CrowdStrike Falcon Discover integration.
Field | Required | Description | Example |
---|---|---|---|
Cloud Abbreviation | yes | The falcon cloud to query. Found as the subdomain from the CrowdStrikeBASE URL | US 2 |
Filter | An optional FQL string to be used when filtering results. | entity_type:'managed'+last_seen_timestamp:<'now-3d' | |
Sort | An optional FQL sort string. | last_seen_timestamp.desc |
Authentication
The following fields are necessary for the integration to authenticate with CrowdStrike.
Field | Required | Description |
---|---|---|
Client ID | yes | The CrowdStrike CLIENT ID |
Client Secret | yes | The CrowdStrike SECRET |
Updated about 1 year ago