In this article:
A different CrowdStrike integration, available in Integrate360° Marketplace, enables you to enrich insights in the SecurityScorecard and CrowdStrike platform. To learn about that Marketplace option, see this article.
Take the following integration steps to provide ISS Internal Security with necessary information to communicate with CrowdStrike Falcon.
When integrated, Internal Security extracts the following information from CrowdStrike:
- Event streams
- Hosts data
- Incident data
- Indicator of compromise (IOC) data
- Data about threat actors in the environment
Prepare for your integration
Before configuring the integration, Install Internal Security from Integrate360°: Marketplace. See ISS Internal Security module for guidance.
The Internal Security integration requires the following configuration values:
Setting | Description |
Client ID | One of a pair of tokens that authorizes a user to perform the GET request |
Secret token |
One of a pair of tokens that authorizes a user to perform the GET request |
Customer ID |
The identifier assigned by the product to the user permitted to perform the GET request |
Access URL | Base URL of the API endpoint; example: https://api.us-2.crowdstrike.com/ |
Note: Contact your internal Support or Engineering team if you are unable to provide the information required for this integration.
Step 1: Add Internal Security to your allowlist
To enable communication with Internal Security, add the IP address 54.88.49.59 to your allowlist.
- Log into your CrowdStrike Falcon account.
- From the Configuration tab, select IP Allowlist Management.
- In IP allowlist management, click Create IP group.
- Name the group and enter the IP address 54.88.49.59. Then click Create IP group.
The new IP group appears in the list.
Step 2: Create an API access token
- Log into your CrowdStrike Falcon account.
- From the Support tab, select API Clients and Keys.
- In API Clients and Keys, click Add new API client above the table to the right.
- In the new client form, name the new client, and add all available scopes with Read access. Then, click Add.
Note: While SecurityScorecard does not currently support all available scopes, we continue to add support on an ongoing basis.
- In the dialog that appears, copy the displayed values for use in the next step and then click DONE:
- Client ID
- Secret
- Base URL
The new client appears in the table.
Step 3: Add a CrowdStrike integration in Internal Security
- In your Scorecard header, click Internal Security Suite and then select Internal Security.
- Click Add integrations.
- Select CrowdStrike Falcon from the drop-down list.
- Enter the required information from the preceding step. Then click Save Configuration.
-
The base URL for the API
-
Your CrowdStrike customer ID
-
The client ID that you created
-
The secret token that you created
Your new integration appears in a table on the Internal Security page. Start viewing your Internal Security score and findings within 24 hours.
Note: Internal Security starts to provide data within 24 hours for each new integration as it syncs with SecurityScorecard's scanning and scoring cycles.
Additional documentation and resources
- API guidance
- Installed library: Falconpy
- Partner development agreement