CrowdStrike

CrowdStrike is a cloud-native platform that protects endpoints, cloud workloads, identity and data. This guide explains how to add CrowdStrike integration to Cloudaware.

To see how Cloudaware seamlessly integrates with CrowdStrike in action, request a demo.

Prerequisites

Cloudaware requires the following read-only permissions in CrowdStrike API scope:

sensor download 
detections
hosts
host groups
vulnerabilities

Add a CrowdStrike account

1. Log in to Cloudaware → Admin.
   

   

2. Find CrowdStrike in integrations. Click +ADD.
   

   

3. Fill out the form:
   

   

   WHERE
   Name – a descriptive name for CrowdStrike account, e.g., CrowdStrike Prod US-1 or Falcon Integration
   Client ID – CrowdStrike Customer ID (CID) (in the CrowdStrike Falcon Console, navigate to Support → API Clients and Keys)
   Client Secret – CrowdStrike Customer Secret (in the CrowdStrike Falcon Console, navigate to Support → API Clients and Keys)
   Environment – select one from the drop-down list based on your Falcon tenant region
   
   Click SAVE.
   

4. A green light in the ‘Status’ column indicates successful configuration. If the light is red, contact support@cloudaware.com.
   

   

5. To view CrowdStrike-related data, go to Cloudaware CMDB Navigator. Select CROWDSTRIKE in the left-hand menu.
   

   

List of CrowdStrike objects

Cloudaware supports the following CrowdStrike objects:

• Crowdstrike Account CA10CR__CaCrowdstrikeAccount__c

• Crowdstrike Detection CA10CR__CaCrowdstrikeDetection__c

• Crowdstrike Detection Behavior CA10CR__CaCrowdstrikeDetectionBehavior__c

• Crowdstrike Group CA10CR__CaCrowdstrikeGroup__c

• Crowdstrike Host CA10CR__CaCrowdstrikeHost__c

• Crowdstrike Host Group Link CA10CR__CaCrowdstrikeHostGroupLink__c

• Crowdstrike Sensor Update Policy CA10CR__CaCrowdstrikeSensorUpdatePolicy__c

• Crowdstrike Sensor Update Policy Group CA10CR__CaCrowdstrikeSensorUpdatePolicyGroupLink__c