Add the CrowdStrike Feed
Configure the CrowdStrike feed to be used as a source for Digital Risk Protection (Threat Command).
To add the CrowdStrike feed to Threat Intelligence (Intelligence Hub):
- Configure CrowdStrike:
- From CrowdStrike, open the Support > API Clients and Keys window.
- On the desired Oauth2 API client, click Edit.
- Ensure that Read is selected for Falcon X (indicators).
- Copy the Base URL.
- Configure Threat Intelligence (Intelligence Hub) feed:
- From the Threat Intelligence (Intelligence Hub) > Sources page, click CrowdStrike to display the feed configuration.
- Type the Client ID, Secret, and Base URL (from the previous step).
- Click Save, then Test Credentials.
- Enable the feed.