Crowdstrike Falcon Reports
This document explains how to set up and use Crowdstrike Falcon Reports with TruSTAR Station.
Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon delivers real-time protection and actionable intelligence from Day One.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Time to Install: 10 minutes
The integration pulls all observables supported by TruSTAR.
- Licensed user of Crowdstrike
- Access to Crowdstrike Falcon Intelligence Reports.
- Crowdstrike API ID and API key for the reports API.
- Log into TruSTAR Station.
- Click the Marketplace icon on the left side icon list.
- Click Premium Intel.
- Click Subscribe on the Crowdstrike Falcon Reports box.
- Enter your API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
The ID name field of the response.
99XX CSIT-17023 Stampado 2.0 Released
The ID field of response.
Entire JSON body resources list of the response.
The created_date field of the response.
The URL of the report.
Slugs of the response.
Q: How do I find my Crowdstrike Falcon Report API keys?
- Navigate to API Clients and Keys in the Crowdstrike portal
- If your keys have not already been created for the Indicators API scope then "Add new API client"
- From here select a Client Name and select the following API scope under the Read column
- Copy the keys and subscribe to the Crowdstrike Falcon Reports Marketplace source