CrowdStrike Falcon Protect
This document provides instructions for configuring CrowdStrike in order for the Netography Context Integration to have the correct access to pull label contexts.
Prerequisites
Before configuring the CrowdStrike Falcon Protect Context Integration in Netography, you will need to have an API user created in CrowdStrike.
Configure an API Client
On the left hand menu expand the "Support and resources" submenu.
Then click on API clients and keys.
Click on the "Create API client" button in the top right
Fill out the client name.
Give the key a description.
In the API Scopes table select Read permission for "Hosts".
Click add at the bottom to create this api client.
📘The CrowdStrike Falcon Protect setup uses the same steps as Discover but only the Read permission is required for Hosts, as exampled below in the Add new API client window:
After clicking "Create" you will be presented with a screen that shows the credentials like below. Make note of the
CLIENT ID,SECRETand subdomain from theBASE URL.Note: The Subdomain of the base URL is what to select for Cloud abbreviation.
📘 If the BASE URL is api.crowdstrike.com then your cloud is US-1.
Netography Portal Steps
Navigate to Integrations (make sure you are on the Context tab) and click "Add Integration", then select CrowdStrike Falcon Protect
Configuration
The following fields are specific to the CrowdStrike Falcon Protect integration.
Cloud Abbreviation
yes
The falcon cloud to query. Found as the subdomain from the CrowdStrikeBASE URL
US 2
Filter
An optional FQL string to be used when filtering results.
entity_type:'managed'+last_seen_timestamp:<'now-3d'
Sort
An optional FQL sort string.
last_seen_timestamp.desc
Authentication
The following fields are necessary for the integration to authenticate with CrowdStrike.
Client ID
yes
The CrowdStrike CLIENT ID
Client Secret
yes
The CrowdStrike SECRET
Last updated