CrowdStrike
This guide explains how to integrate CrowdStrike Falcon with RedCarbon.
Overview
The CrowdStrike integration allows RedCarbon to ingest Detections, Incidents, and IOCs from the Falcon platform.
- Vendor Documentation: CrowdStrike Falcon API Documentation
Configuration
To configure the integration, you need to create an API Client in the CrowdStrike Falcon console.
Step 1: Create an API Client
- Log in to the CrowdStrike Falcon console.
- Navigate to Support and Resources > API Clients and Keys.
- Click the Add new API client button in the top right corner.
Step 2: Set Permissions
Configure the API client with the following permissions:
- Detections: Read
- Incidents: Read
- IOCs (Indicators of Compromise): Read
- Alerts: Read & Write (if you want to update alert status)
Step 3: Get Credentials
After creating the client, copy the following credentials:
- Client ID
- Client Secret
- Base URL (e.g.,
https://api.crowdstrike.com)
Step 4: Configure RedCarbon
- Log in to the RedCarbon Dashboard.
- Navigate to the customer's Integrations page.
- Select CrowdStrike.
- Paste the Client ID, Client Secret, and Base URL.
- Click Save and then Test to verify the connection.
