In this article, you will understand step by step how to easily integrate with CrowdStrike
Permissions
- Detections - Read
- Hosts - Read
- Host Groups - Read
- User Management - Read
Connecting Scytale & CrowdStrike
1. Create API Key
1. The API Key creation flow starts by navigating the console menu
2. In the console menu, navigate to Support and Resources item
3. Click Create API client in the upper right
4. Fill in the (API Key) Client name - Scytale CrowdStrike integration
5. Fill in the (API Key) Description - Scytale CrowdStrike integration
6. Scroll the Scopes pane and select the following scopes for the API Key:
4. Fill in the (API Key) Client name - Scytale CrowdStrike integration
5. Fill in the (API Key) Description - Scytale CrowdStrike integration
6. Scroll the Scopes pane and select the following scopes for the API Key:
- Detections - Read
- Hosts - Read
- Host Groups - Read
- User Management - Read
7. Click Create
8. A modal dialog is rendered:
- Client ID - Click on the copy icon to copy the ID to the clipboard
- Secret - Click on the copy icon to copy the ID to the clipboard
- Note: The secret key will not be shown again – though, if it is lost, a new one can be generated
- Client Base URL - The CrowdStrike cloud environment to which API requests are directed
- Click Done to dismiss the modal dialog
2. Set up the connection in Scytale
1. In Scytale menu, navigate to the "integrations" page
2. Click on Connect CrowdStrike
3. Fill in the fields:
3.3 Base URL - Select your Base URL from the dropdown options
3.1 Client ID - Paste the Client ID you copied
3.2 Client Secret - Paste the secret you copied
4. Add a name for the connection
5. Click on Connect
FAQs
What data do we collect from CrowdStrike?
- List of devices
- Antivirus agent versions
- List of detections found
- User list - Coming soon