Get Started

Getting Started

Deploy

Onboard and Manage Accounts

Amazon Web Services (AWS)

Google Cloud Platform (GCP)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Additional Providers

Collect and Integrate Data

Harvesting & Event-Driven Harvesting

Integrations

Understand Data

Visibility & Reporting

Inventory

Query Filters & Insights

Manage and Act on Data

Bots & Automation

Infrastructure as Code (IaC) Security

Cloud IAM Governance

Vulnerability Management

Workload Security

Manage System Settings

InsightCloudSec System Configuration

Developer Resources

APIs

Support

CrowdStrike Integration

The CrowdStrike integration provides InsightCloudSec with the ability to communicate with devices in your CrowdStrike Falcon account. The goal of this integration is to leverage InsightCloudSec capabilities to give organizations visibility into where the CrowdStrike Falcon Agent is deployed or missing across an organization’s AWS, Microsoft Azure, and Google Cloud Platform footprint.

For general information about Integrations (editing and deleting), refer to the Integrations Overview page.
If you need help with this integration, contact us through the Customer Support Portal.

Prerequisites and Requirements

Before getting started with this integration, ensure you have the following:

Domain or Org Admin permissions within InsightCloudSec
Familiarity and appropriate permissions for CrowdStrike
Required CrowdStrike configuration details to complete the integration:
- CrowdStrike Base URL
- CrowdStrike Client ID
- CrowdStrike Client Secret

InsightCloudSec Setup

These steps assume that you have a functional CrowdStrike implementation to integrate with InsightCloudSec. Refer to the CrowdStrike documentation for specific details on configuration of any CrowdStrike components. Note that this integration only applies to the Hosts component of the CrowdStrike Falcon platform.

To integrate your existing CrowdStrike Falcon setup, refer to the following steps:

Within InsightCloudSec navigate to Administration > Integrations.
Locate the CrowdStrike card on the Integrations landing page and select Edit.
Complete the integration form with the applicable details as follows:
- CrowdStrike Base URL
- CrowdStrike Client ID
- CrowdStrike Client Secret
Click Save to complete the integration.

Functional Details

Integration Configuration Specifics

After the integration is configured, InsightCloudSec will poll CrowdStrike daily at 2 a.m. UTC. This time was selected intentionally to avoid triggering API rate limiting during peak hours.

At present this polling time is not customizable, however a manual rescan can be triggered. Contact the team through the Customer Support Portal with any questions.

Supported Filters

This integration includes the following filters (assuming the integration is setup successfully):

Instance With CrowdStrike Agent Configured
Instance Without CrowdStrike Agent Configured

Did this page help you?

Integrations

Qualys Integration

Integrations

Sumo Logic Integration