Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

CrowdStrike Integration Guide for SecurityCoach

Updated:

Created:

Integrating CrowdStrike with SecurityCoach

In this article, you will learn how to integrate CrowdStrike’s Falcon Insight, an endpoint protection platform (EPP), with SecurityCoach. Once the integration is complete, data provided by CrowdStrike will be available for use under the SecurityCoach tab of your KMSAT console. This data can be viewed in SecurityCoach reports and used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.

Click the links below to learn how to integrate CrowdStrike with SecurityCoach.

Jump to:
Create an OAuth Client
Set Up the Integration in Your KMSAT Console

 

Create an OAuth Client

Before you can set up this integration in your KMSAT console, you will need to create an OAuth client and assign it the appropriate credentials. SecurityCoach will use these credentials to access data from the CrowdStrike system.
To create an OAuth client, follow the steps below:

  1. Log in to your CrowdStrike Falcon console and navigate to Support and resources > Resources and tools > API Clients and Keys.
    CrowdStrike API Clients and Keys.
  2. In the API client and Secrets window, click Add new API Client.
    CrowdStrike Add New API Client
  3. Create a new client by selecting the check box next to the following API Scopes:
    • Detections
    • Hosts
    • Incidents
      CrowdStrike API Scopes
  4. Locate the Client ID and Client Secret. Make sure to copy both of these items and save them somewhere that you can easily access later. You will need both of these items to set up the integration in your KMSAT console.
    CrowdStrike API Client ID and Secret

Back to top

 

Set Up the Integration in Your KMSAT Console

Once you have created your CrowdStrike OAuth client, you can set up the integration in your KMSAT console. To set up the integration in your KMSAT console, follow the steps below:

  1. Log in to your KMSAT console and navigate to SecurityCoach > Setup > Security Vendor Integrations.
  2. Locate CrowdStrike and click Configure.
  3. From the Cloud API Endpoint drop-down menu, select the endpoint for your region from the following list:
    • For the USA region, select http://api.us-2.crowdstrike.com/.
    • For the EU region, select http://api.eu-1.crowdstrike.com/.
    • For any other region, select http://api.crowdstrike.com.
  4. In the Client ID and Client Secret fields, enter the Client ID and the Client Secret that you copied in the Create an OAuth Client section of this article.
  5. Click Authorize.
    CrowdStrike Configuration

Once you’ve successfully authorized this integration, you can manage detection rules for CrowdStrike on the Detection Rules subtab of SecurityCoach. For a full list of available system detection rules for this vendor, see our Which Detection Rules Can I Use with My Vendors? article.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles