CrowdStrike Configuration Guide

This guide helps device administrators configure their CrowdStrike devices to forward logs to the SIEM Collector.

1       Creating API Client and Keys

Defining your first API Client

To define a CrowdStrike API client, you must hold the Falcon Administrator role, which is required to view, create, or modify API clients or keys. Secrets are shown only when a new API client is created or when it is reset.

  • Log in to Falcon UI.
  • Navigate to Support > API Clients and Keys.
  • Click “Add new API Client”. You will be prompted to give a descriptive name and select the appropriate API scopes. Select Event Stream as the API scope, as depicted in the picture below.
  • After you click save, you will be presented with the Client ID and Client Secret. The secret will only be shown once and should be stored in a secure place.
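One way to confirm the new client works before configuring the connector, as an added example that is not part of the original guide or CrowdStrike's own tooling: the script requests an OAuth2 token with the Client ID and Client Secret, then lists event streams, which only succeeds if the Event Stream scope was selected. The environment variable names, the `siem-check` app ID and the US-1 base URL are assumptions of this example.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumption: US-1 cloud host; other Falcon clouds use a different API host.
BASE_URL = os.environ.get("FALCON_BASE_URL", "https://api.crowdstrike.com")


def load_credentials(env=os.environ):
    """Read the client ID and secret from the environment so they never sit in the script."""
    return env["FALCON_CLIENT_ID"], env["FALCON_CLIENT_SECRET"]


def token_request(client_id, client_secret, base_url=BASE_URL):
    """Build the OAuth2 token request; the secret travels only in the POST body."""
    body = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret})
    return urllib.request.Request(
        f"{base_url}/oauth2/token", data=body.encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"})


def streams_request(access_token, app_id, base_url=BASE_URL):
    """Build the event-stream discovery request; app_id is a label chosen for this check."""
    query = urllib.parse.urlencode({"appId": app_id, "format": "json"})
    return urllib.request.Request(
        f"{base_url}/sensors/entities/datafeed/v2?{query}",
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"})


def check_client(client_id, client_secret, app_id="siem-check", opener=urllib.request.urlopen):
    """Return how many event streams the client can see, or say which step failed."""
    step = "token request (check the client ID and secret)"
    try:
        with opener(token_request(client_id, client_secret)) as resp:
            token = json.load(resp)["access_token"]
        step = "stream discovery (check the Event Stream scope)"
        with opener(streams_request(token, app_id)) as resp:
            return len(json.load(resp).get("resources") or [])
    except urllib.error.HTTPError as err:
        raise RuntimeError(f"HTTP {err.code} during {step}") from None


if __name__ == "__main__":
    print("event streams available:", check_client(*load_credentials()))
```

Use an app ID different from the one the connector will use, so the check stays separate from the connector's own stream session.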

2      Configuring Connector

Use the link below to configure the connector:

https://www.crowdstrike.com/blog/tech-center/integrate-with-your-siem/

3      References

IBM Guide:

CrowdStrike Guide:

https://www.crowdstrike.com/blog/tech-center/integrate-with-your-siem/
https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/