Crowdstrike Falcon
Configuring the Veza integration for Crowdstrike
Overview
The Veza integration for Crowdstrike enables the discovery of Users, Roles, and permissions from the Crowdstrike Falcon platform. Veza uses Crowdstrike APIs to populate the Authorization Graph with entities and metadata.
This document explains how to enable and create a Crowdstrike Falcon integration. See notes and supported entities for more details.
Configuring Crowdstrike
Before adding the integration to Veza, create an API client on the Crowdstrike platform for the connection.
Browse to your Crowdstrike Falcon instance (ex:
https://falcon.us-2.crowdstrike.com/
) and log inClick the hamburger icon in the upper-left corner to open the navigation bar
Click Support and resources in the left navigation bar, then click API clients and keys in the Resources and tools section of the navigation submenu
Click Create API client in the upper-right corner of the screen
Enter the following details in the Create API client modal window Client name: a distinct name for the API client Description: an optional description of the API client's purpose Scope: Locate User management and click the Read checkbox
Click Create at the bottom of the modal
From the API client created window, record the Client ID, Secret, and Base URL output values
Click Done to close the modal
Configuring Crowdstrike on the Veza Platform
To enable Veza to gather data from the Crowdstrike Falcon platform:
In Veza, open the Integrations page.
Click Add New and pick Crowdstrike as the type of integration to add
Enter the required information and Save the configuration
Field | Notes |
---|---|
Name | A unique display name for the Crowdstrike Falcon connection |
Crowdstrike Url | The Base URL value recorded earlier |
Crowdstrike Client Id | The Client ID value recorded earlier |
Crowdstrike Client Secret | The Secret value recorded earlier |
Notes and Supported Entities
The connector discovers the following entities and attributes:
Crowdstrike User
Attribute | Notes |
---|---|
| Boolean True if user account is active |
| User email |
| Creation time for user |
| The timestamp of the user's last login |
| The home CID of the Falcon user (if in a multi-CID environment) |
Crowdstrike Role
Attribute | Notes |
---|---|
| A description of the role |
Last updated