In this article:
A different CrowdStrike integration, available in Integrate360° Marketplace, enables you to enrich insights in the SecurityScorecard and CrowdStrike platform. To learn about that Marketplace option, see this article.
Take the following integration steps to provide ISS Internal Security with necessary information to communicate with CrowdStrike Falcon.
We are currently building support for this integration. Contact your SecurityScorecard sales engineer for more information.
When integrated, Internal Security extracts the following information from CrowdStrike:
- Event streams
- Hosts data
- Incident data
- Indicator of compromise (IOC) data
- Data about threat actors in the environment
Prepare for your integration
Before configuring the integration, Install Internal Security from Integrate360°: Marketplace. See ISS Internal Security module for guidance.
The Internal Security integration requires the following configuration values:
|Client ID||One of a pair of tokens that authorizes a user to perform the GET request|
One of a pair of tokens that authorizes a user to perform the GET request
The identifier assigned by the product to the user permitted to perform the GET request
|Access URL||Base URL of the API endpoint; example: https://api.us-2.crowdstrike.com/|
Note: Contact your internal Support or Engineering team if you are unable to provide the information required for this integration.
Step 1: Create an API access token
- Log into your CrowdStrike Falcon account.
- From the Support tab, select API Clients and Keys.
- In API Clients and Keys, click Add new API client above the table to the right.
- In the new client form, name the new client, and add all available scopes with Read access. Then, click Add.
Note: While SecurityScorecard does not currently support all available scopes, we continue to add support on an ongoing basis.
- In the dialog that appears, copy the displayed values for use in the next step and then click DONE:
- Client ID
- Base URL
The new client appears in the table.
Step 2: Add a CrowdStrike integration in Internal Security
- In your Scorecard header, click Internal Security Suite and then select Internal Security.
- Click Add integrations.
- Select CrowdStrike Falcon from the drop-down list.
- Enter the required information from the preceding step. Then click Save Configuration.
The base URL for the API
Your CrowdStrike customer ID
The client ID that you created
The secret token that you created
Your new integration appears in a table on the Internal Security page.
Note: Data for this integration will be available when we finish building support for it. See a list of the Internal Security product integrations we currently support.
Note: Internal Security starts to provide data within 24 hours for each new integration as it syncs with SecurityScorecard's scanning and scoring cycles.