Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we shall get it updated.
Product | Samurai [Local] Collector | Samurai [Cloud] Collector |
Crowdstrike Falcon Insight | | |
To complete this Integration you will need to:
1) From the Crowdstrike Falcon Console:
2) From the Samurai application:
Create credentials for basic authentication
To create credentials for basic authentication, perform the following steps:
1. Log in to the Crowdstrike Falcon Console
2. Click the Support and resources icon in the left menu pane.
3. Under Resources and tools select API Clients and Keys. The API Clients and Keys page is displayed.
4. Select the Legacy API Credentials tab.
5. Click Create Credentials.
6. Copy the Username and Password. You will need these credentials to Complete the Crowdstrike Falcon Insight Integration.
Figure 1: Credentials for basic authentication
Create a new API client
To create a new API client follow the steps below:
1. Log in to the Crowdstrike Falcon Console
2. Click the Support and resources icon in the left menu pane.
3. Under Resources and tools select API Clients and Keys. The API Clients and Keys page is displayed.
4. Click Create API client. The Create API client page appears.
5. Perform the following steps:
5.1 Specify NTT API Client in the CLIENT NAME field.
5.2 Specify API client for NTT in the DESCRIPTION field.
5.3 Under API SCOPES, perform the following steps:
5.4 Select the Read checkbox for:
- Detections
- Host
- Host groups
- Prevention policies
- Event Streams
- User Management
5.5 Select the Write checkbox for:
- Hosts
6. Click Add.
Figure 2: Add new API client
7. Copy and record the values:
- CLIENT ID
- SECRET
Figure 3: Client ID and Secret
The Secret is displayed only once, so be sure to record it for use during Complete the Crowdstrike Falcon Insight Integration.
8. Take note of your Cloud location, which is derived from the Base URL as per the table below. You will need to specify the Cloud location under Complete the Crowdstrike Falcon Insight Integration.
The table below outlines the Cloud location and Base URL:
Cloud Location | Base URL |
US-1 | https://api.crowdstrike.com |
US-2 | https://api.us-2.crowdstrike.com |
EU-1 | https://api.eu-1.crowdstrike.com |
US-GOV-1 | https://api.laggar.gcw.crowdstrike.com |
9. Click DONE.
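The following Python is an added example, not taken from the Samurai or CrowdStrike documentation: it derives the Cloud location from a Base URL using the table above, refusing anything that is not an exact HTTPS match, and then confirms the CLIENT ID and SECRET by requesting a token. The function names are hypothetical, and the /oauth2/token path comes from CrowdStrike's OAuth2 API, not from this page.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Cloud location -> Base URL, copied from the table in this guide.
CLOUDS = {
    "US-1": "https://api.crowdstrike.com",
    "US-2": "https://api.us-2.crowdstrike.com",
    "EU-1": "https://api.eu-1.crowdstrike.com",
    "US-GOV-1": "https://api.laggar.gcw.crowdstrike.com",
}
_BY_HOST = {urllib.parse.urlsplit(u).hostname: loc for loc, u in CLOUDS.items()}


def cloud_location(base_url: str) -> str:
    """Return the Cloud location for a Base URL, or raise ValueError.

    Strict on purpose: the OAuth secret must only ever be sent over HTTPS
    to an exact host from the table, never to a lookalike.
    """
    parts = urllib.parse.urlsplit(base_url.strip())
    if parts.scheme.lower() != "https":
        raise ValueError("Base URL must use https")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("Base URL must not carry userinfo or a custom port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("Base URL must be the bare API host")
    host = (parts.hostname or "").rstrip(".")
    if host not in _BY_HOST:
        raise ValueError(f"{host!r} is not a Base URL listed in the table")
    return _BY_HOST[host]


def check_oauth_client(base_url: str, client_id: str, secret: str) -> bool:
    """Request a token with the new API client; True if one is issued."""
    location = cloud_location(base_url)  # validate before sending the secret
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": secret}).encode()
    req = urllib.request.Request(CLOUDS[location] + "/oauth2/token", data=body)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return "access_token" in json.load(resp)
    except urllib.error.HTTPError:
        return False  # for example, a wrong CLIENT ID or SECRET
```

Read the CLIENT ID and SECRET from a prompt or a secrets store when calling check_oauth_client, so the Secret does not end up in shell history or a saved script.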
Complete the Crowdstrike Falcon Insight Integration
You will need:
- OAuth Client ID: (from Step 7 under Create a new API client)
- OAuth Secret: (from Step 7 under Create a new API client)
- Basic User: (from Step 6 under Create credentials for basic authentication)
- Basic Password: (from Step 6 under Create credentials for basic authentication)
- Cloud location: (from Step 8 under Create a new API client)
1. Log in to the Samurai application
2. Select Integrations
3. Select Create
4. Locate and click Crowdstrike Falcon Insight
5. Click Next (we leverage a Samurai Cloud Collector)
6. Enter a Name of Integration
7. Enter a Description (Optional)
8. Enter a Devicename
9. Enter your OAuth Client ID
10. Enter your OAuth Secret
11. Enter your Basic User
12. Enter your Basic Password
13. Select your Cloud Location (US-1 is default).
14. Click Finish
For general information on Integrations refer to the Integrations article.