Set up CrowdStrike for Integration
Table of Contents
Set up CrowdStrike for Integration
Set up CrowdStrike for integration with IoT Security
through Cortex XSOAR.
Generate a client ID and secret and get the
CrowdStrike server API URL for Cortex XSOAR to use when querying
the CrowdStrike cloud server for device attributes. Copy and save
these in a text file, so you can later copy and paste them into
XSOAR when configuring a CrowdStrike integration instance.
- Generate a client ID, secret, and base URL.
- Log in to the CrowdStrike console, expand the navigation menu, and select .
- Select+ Add new API client, enter the following, and leave the other settings at their default values:Client Name: Enter a name for the Cortex XSOAR instance that will be connecting to the CrowdStrike API; for example,acme-xsoar1.Description: Enter a useful description of the API client for future reference.API Scopes: Select the following check boxes to allow read-only access to the API so that Cortex XSOAR can retrieve device attributes from CrowdStrike.
- Hosts:Read
- Host Groups:Read
- ClickAdd.When you clickAdd, a panel appears with the client ID, secret, and base URL that Cortex XSOAR needs to access the API of the CrowdStrike cloud server.
- Copy the client ID, secret, and base URL.
- Click the copy icon to the right of the client ID string and then paste the copied text string into a text file.
- Repeat the previous step for the secret and base URL strings.
- Save the text file in a secure location for use when configuring the CrowdStrike integration instance in Cortex XSOAR.