: Set up CrowdStrike for Integration
Focus
Focus

Set up CrowdStrike for Integration

Table of Contents

Set up CrowdStrike for Integration

Set up CrowdStrike for integration with IoT Security through Cortex XSOAR.
Generate a client ID and secret and get the CrowdStrike server API URL for Cortex XSOAR to use when querying the CrowdStrike cloud server for device attributes. Copy and save these in a text file, so you can later copy and paste them into XSOAR when configuring a CrowdStrike integration instance.
  1. Generate a client ID, secret, and base URL.
    1. Log in to the CrowdStrike console, expand the navigation menu, and select Support and resourcesAPI clients and keys.
    2. Select + Add new API client, enter the following, and leave the other settings at their default values:
      Client Name: Enter a name for the Cortex XSOAR instance that will be connecting to the CrowdStrike API; for example, acme-xsoar1.
      Description: Enter a useful description of the API client for future reference.
      API Scopes: Select the following check boxes to allow read-only access to the API so that Cortex XSOAR can retrieve device attributes from CrowdStrike.
      • Hosts: Read
      • Host Groups: Read
    3. Click Add.
      When you click Add, a panel appears with the client ID, secret, and base URL that Cortex XSOAR needs to access the API of the CrowdStrike cloud server.
  2. Copy the client ID, secret, and base URL.
    1. Click the copy icon to the right of the client ID string and then paste the copied text string into a text file.
    2. Repeat the previous step for the secret and base URL strings.
    3. Save the text file in a secure location for use when configuring the CrowdStrike integration instance in Cortex XSOAR.