Crowdstrike Falcon Reports
This document explains how to set up the Crowdstrike Falcon Reports premium intelligence source in the TruSTAR platform.
Leveraging artificial intelligence, the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network.
- Source Type: Premium Intel
- Update Type: Feed-based
- Update Frequency: 15 minutes
- Parser: Yes
- Time to Install: 10 minutes
Observables Supported
Requirements
- Licensed user of Crowdstrike.
- Access to Crowdstrike Falcon Intelligence Reports.
- Crowdstrike API ID and API key for the reports API.
Getting Started
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the left side icon list.
- Click Premium Intel.
- Click Subscribe on the Crowdstrike Falcon Reports box.
- Enter your API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
FAQ
Q: How do I find my Crowdstrike Falcon Report API keys?
- Navigate to API Clients and Keys in the Crowdstrike portal.
- If your keys have not already been created for the Indicators API scope, then select Add new API client.
- Select a Client Name and select the following API scopes:
- Copy the Client ID/Secret and subscribe to the Crowdstrike Falcon Reports Marketplace source.
Known Issues
None reported.