<< Click to Display Table of Contents >> Raynet One Data Hub > 14.0 u1 > Connectors > Alphabetic Connector List > CrowdStrike Falcon Prerequisites |
The CrowdStrike API is managed from the CrowdStrike Falcon UI by the Falcon Administrator. From there, multiple API clients can be defined along with their required scope. The scopes below define the access options.
•Detections: Provides access to Falcon detections, including behavior, severity, host, timestamps, and more.
•Hosts: Provides host details including OS, version, sensor specific data, and more.
•Host groups: Provides access to host groups used to enumerate and assign policies.
•Prevention policies: Provides access to sensor policies for external management.
•Sensor update policies: Provides access to update settings for the sensor.
•User management: Allows for the management of users who access the CrowdStrike Falcon UI.
Once an API client is defined and a scope is set, any number of customer tools can query the CrowdStrike API using the given credentials. OAuth2 is used for authentication of the incoming API requests. OAuth2 access tokens have a validity period of 30 minutes.
To define a CrowdStrike API client, it is necessary to use a user that is designated as Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API client is created or when it is reset.
In order to view, create, or modify API clients or keys for a Crowdstrike API client it is necessary to use an Account designated as Falcon Administrator role. Secrets will be only shown once a new API client is created or it is reset.
Navigate to Support > API Clients. All existing clients will be shown in a list. Furthermore it is possible to view the audit log or add a new API client.
Click on Add new API Client in order to add an API client for usage with Raynet One Data Hub. Add a descriptive name for the client (for example Raynet One Data Hub) and add the appropriate API scopes. Than click on the ADD button.
After clicking on the ADD button, the Client ID and the Client Secret will be presented. Since the Client Secret will only be shown this one time, ensure that it will be stored in a secure place. If the Client Secret is lost, a reset must be performed and any applications relying on the Client Secret will need to be updated with the new credentials.
Best practice: It is recommended to create an API Client that is dedicated to the use with Raynet One Data Hub only. Therefore, all rights for Raynet One Data Hub can be easily revoked by deactivating the API Client, should this be necessary. |