CrowdStrike Falcon Insight

Modified on Thu, 15 Feb 2024 at 12:19 AM

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we'll get it updated.


This guide describes the steps required to configure CrowdStrike Falcon Insight. 



To complete this Integration, you will need to:

1)  From the CrowdStrike Falcon Console:

  • Create a new API client


2) From the Samurai XDR application:

  • Complete the CrowdStrike Falcon Insight Telemetry Integration
  • Complete the CrowdStrike Falcon Insight Response Integration

 


Configure CrowdStrike Falcon Console

Create a new API client

To create credentials for basic authentication, perform the following steps:

  1. Log in to the CrowdStrike Falcon Console
  2. Click the Support and resources icon in the left menu pane
  3. Under Resources and tools select API Clients and Keys. The API Clients and Keys page is displayed
  4. Click Add new API client. The Add new API client page appears
  5. Perform the following steps:
    5.1 Specify NTT API Client in the CLIENT NAME field
    5.2 Specify API client for NTT in the DESCRIPTION field
    5.3 Under API SCOPES, perform the following steps:
    5.4 Select the Read and Write checkboxes (denoted by a "Yes") for:
      • Hosts
  6. Click Add


 

  7. Copy and record the values:

  • CLIENT ID
  • SECRET
  • BASE URL

The Secret is displayed only once, so be sure to record it for use during Complete the CrowdStrike Falcon Insight Integration. These keys will be used for both Telemetry and Response.

 



 

 

Take note of your Cloud location, which is derived from the Base URL as per the table below. You will need to specify the cloud location under Complete the CrowdStrike Falcon Insight Integration.


  8. Click DONE
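
Before entering the recorded values into Samurai XDR, they can be checked with a short script. This is an added example, not part of the original guide or either vendor's code: it derives the cloud location from the BASE URL, refuses to send the secret to any host that is not a recognised Falcon API endpoint, requests an OAuth2 token and makes one Hosts read call. The hostname-to-cloud mapping and the two API paths come from CrowdStrike's public API documentation rather than from this page, and the environment variable names are assumptions.

```python
import json, os, urllib.error, urllib.parse, urllib.request

# Falcon API hosts and cloud names (from CrowdStrike's public docs, not this page).
CLOUDS = {
    "api.crowdstrike.com": "US-1",
    "api.us-2.crowdstrike.com": "US-2",
    "api.eu-1.crowdstrike.com": "EU-1",
    "api.laggar.gcw.crowdstrike.com": "US-GOV-1",
}

def cloud_location(base_url):
    """Map the BASE URL recorded in step 7 to its cloud; reject anything else."""
    parts = urllib.parse.urlsplit(base_url.strip())
    # Exact-host match over HTTPS only: no port, no userinfo, no path or query.
    if (parts.scheme != "https" or parts.netloc.lower() != parts.hostname
            or parts.hostname not in CLOUDS
            or parts.path.strip("/") or parts.query or parts.fragment):
        raise ValueError(f"not a known Falcon API base URL: {base_url!r}")
    return CLOUDS[parts.hostname]

def token_request(base_url, client_id, secret):
    """Build the OAuth2 client-credentials request without sending it."""
    cloud_location(base_url)  # never send the secret to an unrecognised host
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": secret}).encode()
    return urllib.request.Request(
        base_url.strip().rstrip("/") + "/oauth2/token", data=body, method="POST",
        headers={"Accept": "application/json"})

def check(base_url, client_id, secret):
    """Request a token, then make one Hosts read call; return a status string."""
    try:
        with urllib.request.urlopen(token_request(base_url, client_id, secret),
                                    timeout=15) as resp:
            token = json.load(resp)["access_token"]
        hosts = urllib.request.Request(
            base_url.strip().rstrip("/") + "/devices/queries/devices/v1?limit=1",
            headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(hosts, timeout=15):
            return "ok: token issued and Hosts read scope works"
    except urllib.error.HTTPError as err:
        # Surface the HTTP status so the failing step can be diagnosed.
        return f"failed: HTTP {err.code}"

if __name__ == "__main__":
    base = os.environ["FALCON_BASE_URL"]  # assumed variable names
    print("Cloud location:", cloud_location(base))
    print(check(base, os.environ["FALCON_CLIENT_ID"],
                os.environ["FALCON_CLIENT_SECRET"]))
```

Supplying the secret through the environment keeps it out of the script file and shell history; the Hosts write scope is not exercised by this check.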


Configure the Samurai XDR Application


Telemetry

  1. Log in to your Samurai XDR tenant
  2. Select Telemetry > Integrations
  3. Select Create
  4. Locate and click CrowdStrike Falcon Insight
  5. Complete the "Create Integration" form
  6. Enter a Name of Integration
  7. Enter a Description (Optional)
  8. Enter your OAuth Client ID
  9. Enter your OAuth Secret (Key)
  10. Select your REST Domain (Base URL in step 7)
  11. Click Finish


Response

  1. Select Response > Integrations
  2. Select Create
  3. Locate and click CrowdStrike Falcon Insight
  4. Complete the "Create Integration" form
  5. Enter a Name of Integration
  6. Enter a Description (Optional)
  7. Enter your OAuth Client ID
  8. Enter your OAuth Secret (Key)
  9. Select your REST Domain (Base URL in step 7)
  10. Click Finish


 

For general information on Integrations refer to the Integrations article.