CrowdStrike Integration

The CrowdStrike integration provides InsightCloudSec with the ability to communicate with devices in your CrowdStrike Falcon account. The goal of this integration is to leverage InsightCloudSec capabilities to give organizations visibility into where the CrowdStrike Falcon Agent is deployed or missing across an organization’s AWS, Microsoft Azure, and Google Cloud Platform footprint.

Prerequisites and Requirements

Before getting started with this integration, ensure you have the following:

  • Domain or Org Admin permissions within InsightCloudSec
  • Familiarity and appropriate permissions for CrowdStrike
  • Required CrowdStrike configuration details to complete the integration:
    • CrowdStrike Base URL
    • CrowdStrike Client ID
    • CrowdStrike Client Secret

InsightCloudSec Setup

These steps assume that you have a functional CrowdStrike implementation to integrate with InsightCloudSec. Refer to the CrowdStrike documentation for specific details on configuration of any CrowdStrike components. Note that this integration only applies to the Hosts component of the CrowdStrike Falcon platform.

To integrate your existing CrowdStrike Falcon setup, refer to the following steps:

  1. Within InsightCloudSec navigate to Administration > Integrations.

  2. Locate the CrowdStrike card on the Integrations landing page and select Edit.

  3. Complete the integration form with the applicable details as follows:

    • CrowdStrike Base URL
    • CrowdStrike Client ID
    • CrowdStrike Client Secret
  4. Click Save to complete the integration.

Functional Details

Integration Configuration Specifics

After the integration is configured, InsightCloudSec will poll CrowdStrike daily at 2 a.m. UTC. This time was selected intentionally to avoid triggering API rate limiting during peak hours.

At present this polling time is not customizable, however a manual rescan can be triggered. Contact the team through the Customer Support Portal with any questions.

Supported Filters

This integration includes the following filters (assuming the integration is setup successfully):

  • Instance With CrowdStrike Agent Configured
  • Instance Without CrowdStrike Agent Configured