CrowdStrike

Block Type Response Integration

Usage

The Crowdstrike Block Type Response Integration offers a robust security solution tailored for enhancing defense against cyber threats. By leveraging Crowdstrike's industry-leading threat intelligence and response capabilities, this integration enables users to automate the process of identifying and blocking malicious activities in real-time. Whether it's stopping a known malware attack or preventing suspicious IP addresses from accessing sensitive resources, the integration provides a streamlined way to enforce security policies and respond to threats.

Prerequisites

Before configuring the Crowdstrike block type response integration in Netography, you will need to have an API Client setup from Crowdstrike.

Create an API Client

  1. Within your CrowdStrike portal, go to support and resources, then select API clients and keys

  2. Input a name and description for your Netography Crowdstrike Response integration. Ensure that Read and Write are checked for the Hosts API scope as shown below, and click ADD to create your API client details to use.

  3. Once created, copy the CLIENT ID, SECRET, BASE URL. These values will be used to onfigure the CrowdStrike response integration in Netography.

Netography Portal Steps

In Settings > Response Integrations, click Add Integration. Select Crowdstrike

Configuration

The following fields are specific to the CrowdStrike integration.

FieldTypeRequiredDescriptionExamples
API URLstringyesThe CrowdStrike BASE_URL
FactorsstringyesAdditional information regarding the integrationsrcip
ExpirationintegerNumber of seconds the blocklist will remain active
MaxintegerLimit on number of blocks1000

Authentication

The following fields are necessary for the integration to authenticate with CrowdStrike.

FieldRequiredDescription
Client IDyesThe CrowdStrike CLIENT ID
Client SecretyesThe CrowdStrike SECRET