CrowdStrike

CrowdStrike is a cloud-native platform that protects endpoints, cloud workloads, identity and data. This guide explains how to add CrowdStrike integration to Cloudaware.

To see how Cloudaware seamlessly integrates with CrowdStrike in action, request a demo.

Prerequisites

Cloudaware requires the following read-only permissions in CrowdStrike API scope:

sensor download 
detections
hosts
host groups
vulnerabilities

Add a CrowdStrike account

1. Log in to Cloudaware → Admin.
   

   

2. Find CrowdStrike in integrations. Click +ADD.
   

   

3. Fill out the form:
   

   

   WHERE
   Name – a descriptive name for CrowdStrike account, e.g., CrowdStrike Prod US-1 or Falcon Integration
   Client ID – CrowdStrike Customer ID (CID) (in the CrowdStrike Falcon Console, navigate to Support → API Clients and Keys)
   Client Secret – CrowdStrike Customer Secret (in the CrowdStrike Falcon Console, navigate to Support → API Clients and Keys)
   Environment – select one from the drop-down list based on your Falcon tenant region
   
   Click SAVE.
   

4. A green light in the ‘Status’ column indicates successful configuration. If the light is red, contact support@cloudaware.com.
   

   

5. To view CrowdStrike-related data, go to Cloudaware CMDB Navigator. Select CROWDSTRIKE in the left-hand menu.
   

   

List of CrowdStrike objects

Cloudaware supports the following CrowdStrike objects:

Crowdstrike Account
Crowdstrike Detection
Crowdstrike Detection Behavior
Crowdstrike Group
Crowdstrike Host
Crowdstrike Host Group Link
Crowdstrike Sensor Update Policy
Crowdstrike Sensor Update Policy Group