Crowdstrike Falcon

Overview

The Veza integration for Crowdstrike enables the discovery of Users, Roles, and permissions from the Crowdstrike Falcon platform. Veza uses Crowdstrike APIs to populate the Authorization Graph with entities and metadata.

This document explains how to enable and create a Crowdstrike Falcon integration. See notes and supported entities for more details.

Configuring Crowdstrike

Before adding the integration to Veza, create an API client on the Crowdstrike platform for the connection.

1. Browse to your Crowdstrike Falcon instance (ex: https://falcon.us-2.crowdstrike.com/) and log in

2. Click the hamburger icon in the upper-left corner to open the navigation bar

3. Click Support and resources in the left navigation bar, then click API clients and keys in the Resources and tools section of the navigation submenu

4. Click Create API client in the upper-right corner of the screen

5. Enter the following details in the Create API client modal window Client name: a distinct name for the API client Description: an optional description of the API client's purpose Scope: Locate User management and click the Read checkbox

6. Click Create at the bottom of the modal

7. From the API client created window, record the Client ID, Secret, and Base URL output values

8. Click Done to close the modal

Configuring Crowdstrike on the Veza Platform

To enable Veza to gather data from the Crowdstrike Falcon platform:

1. In Veza, open the Integrations page.

2. Click Add New and pick Crowdstrike as the type of integration to add

3. Enter the required information and Save the configuration

Notes and Supported Entities

The connector discovers the following entities and attributes:

Crowdstrike User

Crowdstrike Role