Add the CrowdStrike Feed

Configure the CrowdStrike feed to be used as a source for Threat Intelligence (Intelligence Hub).

Prerequisites

To add the CrowdStrike feed as a source, you must have access to the following endpoints as part of your CrowdStrike subscription:

  • /user/entities/user/v1
  • /iocs/ endpoints
  • /intel/combined/indicators/v1

Add the CrowdStrike Feed

To add the CrowdStrike feed to Threat Intelligence:

  1. Configure CrowdStrike:
    1. From CrowdStrike, open the Support > API Clients and Keys window.
    2. On the desired OAuth2 API client, click Edit.
    3. Ensure that Read is selected for Falcon X (indicators).
    4. Copy the Base URL.
  2. Configure the Threat Intelligence feed:
    1. From the Command Platform navigation panel, go to Data Connectors > Threat Intelligence > Sources.
    2. Click CrowdStrike to display the feed configuration.
    3. Enter the Client ID, Secret, and Base URL (from the previous step).
    4. Click Save, then Test Credentials.
    5. Enable the feed.
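
The following script is an added example, not part of the original procedure or of either vendor's tooling: it checks, before the credentials are entered in step 2, that the API client can obtain a token and read /intel/combined/indicators/v1. The environment variable names are hypothetical, and the /oauth2/token path and the meaning given to each status code are assumptions based on CrowdStrike's OAuth2 API rather than on this page.

```shell
#!/bin/sh
# Added example: pre-check a CrowdStrike API client before saving it as a feed source.
# Assumed (hypothetical) variables: FALCON_BASE_URL, FALCON_CLIENT_ID, FALCON_CLIENT_SECRET.

# Pull access_token out of the JSON token response on stdin (no jq dependency).
extract_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Map an HTTP status code to a verdict (assumed meanings, see lead-in).
classify_status() {
  case "$1" in
    2??) echo "ok" ;;
    401) echo "unauthorized" ;;   # token rejected or expired
    403) echo "missing-scope" ;;  # client lacks Read on Falcon X (indicators)
    429) echo "rate-limited" ;;
    *)   echo "error" ;;
  esac
}

# Request a token. Credentials are passed as curl config on stdin (-K -),
# so the secret never appears in the process list or shell history.
get_token() {
  printf 'data-urlencode = "client_id=%s"\ndata-urlencode = "client_secret=%s"\n' \
    "$FALCON_CLIENT_ID" "$FALCON_CLIENT_SECRET" |
    curl -sS -K - "${FALCON_BASE_URL%/}/oauth2/token" | extract_token
}

# GET a path with the bearer token and print the status with its verdict.
check_endpoint() {
  code=$(printf 'header = "Authorization: Bearer %s"\n' "$2" |
    curl -sS -K - -o /dev/null -w '%{http_code}' "${FALCON_BASE_URL%/}$1")
  printf '%s -> %s (%s)\n' "$1" "$code" "$(classify_status "$code")"
}

main() {
  token=$(get_token)
  [ -n "$token" ] || { echo "no token: check Client ID, Secret and Base URL" >&2; return 1; }
  check_endpoint '/intel/combined/indicators/v1?limit=1' "$token"
}

# Only touch the network when all three variables are set.
if [ -n "${FALCON_BASE_URL:-}" ] && [ -n "${FALCON_CLIENT_ID:-}" ] && [ -n "${FALCON_CLIENT_SECRET:-}" ]; then
  main
fi
```

A "missing-scope" result points back to step 1.3: the Read permission for Falcon X (indicators) is not selected on the client.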