Onboarding Guide - CrowdStrike
Written by Gal Nakash
Updated over a month ago

Prerequisites

  1. The user performing the integration must be able to create an API Token

  2. A Reco user with Admin Role

Configure CrowdStrike

  1. Log in to CrowdStrike

  2. Click on Support -> API Client and Keys

  3. Click on "Add new API Client"

  4. Enter a new client name and description.

  5. Select the Read scope for:

    1. Hosts

    2. Device control policies

    3. Detections

    4. Prevention policies

    5. User Management

    6. Entities

    7. CrowdStrike Falcon Alerts

    8. CrowdStrike Falcon Event Streams

  6. Select the Add button.

  7. Copy and set aside the Client ID, Secret and Base URL, then click on Done

Integrate CrowdStrike with Reco

  1. Log in to the Reco Platform

  2. Click on "Configurations" and then "Integrations"

  3. Locate the "CrowdStrike" object, and click on "Add Integration"

  4. A new screen will open; click on "Allow"

  5. Fill in the following fields, and click on "Reinstall into Workspace"

    • API Endpoint - The location of your CrowdStrike tenant region, taken from the "Base URL" copied earlier

    • Client ID - Copied earlier

    • Client Secret - Copied earlier

  6. A new window appears; click on "Start Extraction"

  7. If the integration was successful, the CrowdStrike Integration status will become "Active"

What do we ingest exactly?

Access: Read-only

Objects:

    • Hosts

    • Device control policies

    • Detections

    • Prevention policies

    • User Management

    • CrowdStrike Falcon Event Streams

    • CrowdStrike Falcon Alerts

    • Entities