CrowdStrike is a cloud-based endpoint security platform that provides threat intelligence, endpoint detection and response (EDR), and managed threat hunting services to help organizations protect their endpoints from cyber threats. The platform uses artificial intelligence (AI) and machine learning (ML) to detect and prevent advanced threats, malware, and cyber attacks in real-time.
Configuration
Generate the API keys for CrowdStrike
Before starting:
1. Sign in to your CrowdStrike account with admin access.
2. Go to Support --> API Clients & Keys.
3. Click Add new API client at the top right, then:
   - Enter a Client Name.
   - Provide a Description.
   - Select the scope.
   - Click Save.
4. Copy the API Secret and Client ID and store them.
5. Select the Base URL that matches your region.
6. For instance, if your region is US1, choose the US1 API URL, which is "api.crowdstrike.com"; the OAuth URL will then be "api.crowdstrike.com/oauth2/token".
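As an added check, not part of this guide or of any CrowdStrike or Chronicle tooling, the Python script below confirms a Client ID and Secret against the region's OAuth2 token endpoint, deriving the OAuth URL from the base URL the same way step 6 does. `http_post` performs the real request; `fake_post` and its responses are constructed so the script can be run offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

def oauth_url(base_url):
    """Derive the OAuth URL from a region base URL, as step 6 does for US1."""
    host = base_url.strip().lower().rstrip("/")
    if host.startswith("https://"):
        host = host[len("https://"):]
    if not host.endswith(".crowdstrike.com"):
        raise ValueError("not a CrowdStrike API host: %r" % base_url)
    return "https://%s/oauth2/token" % host

def http_post(url, body, headers):
    """Real transport: POST form data, return (HTTP status, response bytes)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read()

def check_credentials(base_url, client_id, client_secret, post=http_post):
    """Return (ok, detail). `post` is injectable so the check can run offline."""
    body = urllib.parse.urlencode({"client_id": client_id,
                                   "client_secret": client_secret}).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"}
    status, payload = post(oauth_url(base_url), body, headers)
    if status not in (200, 201):  # the token endpoint answers 201 Created on success
        return False, "token request rejected with HTTP %d" % status
    data = json.loads(payload or b"{}")
    if not data.get("access_token"):
        return False, "response carried no access_token"
    return True, "token issued, expires in %s s" % data.get("expires_in")

def fake_post(url, body, headers):
    """Constructed stand-in for the endpoint: accepts one known secret only."""
    fields = urllib.parse.parse_qs(body.decode())
    if fields.get("client_secret") == ["good-secret"]:
        return 201, b'{"access_token":"eyJ...","expires_in":1799,"token_type":"bearer"}'
    return 403, b'{"errors":[{"code":403,"message":"access denied"}]}'

if __name__ == "__main__":
    # Swap fake_post for the default http_post to test a real Client ID and Secret.
    print(check_credentials("api.crowdstrike.com", "abc123", "good-secret", fake_post))
    print(check_credentials("api.crowdstrike.com", "abc123", "wrong", fake_post))
```

A 403 from the real endpoint means the Client ID or Secret is wrong for that region, which is worth ruling out before the Chronicle feed reports an error.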
Configuring a Chronicle feed to ingest CrowdStrike Detection logs
1. Open Settings in Chronicle and browse to Feeds.
2. In Feeds, click Add New.
3. Select Third party API as the source type and CrowdStrike Detection Monitoring as the log source, as shown in the image below.
4. Click Next and enter the required parameters.
5. Click Next, then Finalize.
To check whether CrowdStrike Detection Monitoring logs are being received, verify that a new log source for CrowdStrike Detection Monitoring has been created in Chronicle.