CrowdStrike Integration

The CrowdStrike integration provides Cloud Security (InsightCloudSec) with the ability to communicate with devices in your CrowdStrike Falcon account. The goal of this integration is to leverage Cloud Security (InsightCloudSec) capabilities to give organizations visibility into where the CrowdStrike Falcon Agent is deployed or missing across an organization’s AWS, Microsoft Azure, and Google Cloud Platform footprint.

• For general information about Integrations (editing and deleting), refer to the Integrations Overview page.
• If you need help with this integration, contact us through the Customer Support Portal .

Prerequisites and Requirements

Before getting started with this integration, ensure you have the following:

• Domain or Org Admin permissions within Cloud Security (InsightCloudSec)
• Familiarity and appropriate permissions for CrowdStrike
• Required CrowdStrike configuration details to complete the integration:
  • CrowdStrike Base URL
  • CrowdStrike Client ID
  • CrowdStrike Client Secret

Cloud Security (InsightCloudSec) Setup

These steps assume that you have a functional CrowdStrike implementation to integrate with Cloud Security (InsightCloudSec). Refer to the CrowdStrike documentation  for specific details on configuration of any CrowdStrike components. Note that this integration only applies to the Hosts component of the CrowdStrike Falcon platform.

To integrate your existing CrowdStrike Falcon setup, refer to the following steps:

1. Within Cloud Security (InsightCloudSec) navigate to Settings > Integrations.

2. Locate the CrowdStrike card on the Integrations landing page and select Edit.

3. Complete the integration form with the applicable details as follows:

   • CrowdStrike Base URL
   • CrowdStrike Client ID
   • CrowdStrike Client Secret

4. Click Save to complete the integration.

Functional Details

Integration Configuration Specifics

After the integration is configured, Cloud Security (InsightCloudSec) will poll CrowdStrike daily at 2 a.m. UTC. This time was selected intentionally to avoid triggering API rate limiting during peak hours.

At present this polling time is not customizable, however a manual rescan can be triggered. Contact the team through the Customer Support Portal  with any questions.

Supported Filters

This integration includes the following filters (assuming the integration is setup successfully):

• Instance With CrowdStrike Agent Configured
• Instance Without CrowdStrike Agent Configured