Set up CrowdStrike for Integration
Focus
Focus
IoT Security

Set up CrowdStrike for Integration

Table of Contents

Set up CrowdStrike for Integration

Set up CrowdStrike for integration with IoT Security through Cortex XSOAR.
Where Can I Use This?What Do I Need?
  • IoT Security (Managed by IoT Security)
  • IoT Security subscription for an advanced IoT Security product (Enterprise Plus, Industrial OT, or Medical)
One of the following Cortex XSOAR setups:
  • An IoT Security Third-party Integration Add-on license that includes a cohosted, limited-featured Cortex XSOAR instance
  • A full-featured Cortex XSOAR server
Generate a client ID and secret and get the CrowdStrike server API URL for Cortex XSOAR to use when querying the CrowdStrike cloud server for device attributes. Copy and save these in a text file, so you can later copy and paste them into XSOAR when configuring a CrowdStrike integration instance.
  1. Generate a client ID, secret, and base URL.
    1. Log in to the CrowdStrike console, expand the navigation menu, and select Support and resourcesAPI clients and keys.
    2. Select + Add new API client, enter the following, and leave the other settings at their default values:
      Client Name: Enter a name for the Cortex XSOAR instance that will be connecting to the CrowdStrike API; for example, acme-xsoar1.
      Description: Enter a useful description of the API client for future reference.
      API Scopes: Select the following check boxes to allow read-only access to the API so that Cortex XSOAR can retrieve device attributes from CrowdStrike.
      • Hosts: Read
      • Host Groups: Read
    3. Click Add.
      When you click Add, a panel appears with the client ID, secret, and base URL that Cortex XSOAR needs to access the API of the CrowdStrike cloud server.
  2. Copy the client ID, secret, and base URL.
    1. Click the copy icon to the right of the client ID string and then paste the copied text string into a text file.
    2. Repeat the previous step for the secret and base URL strings.
    3. Save the text file in a secure location for use when configuring the CrowdStrike integration instance in Cortex XSOAR.