Add the CrowdStrike Feed
Copy link

Configure the CrowdStrike feed to be used as a source for Digital Risk Protection (Threat Command).

To add the CrowdStrike feed to Threat Intelligence (Intelligence Hub):

  1. Configure CrowdStrike:
    1. From CrowdStrike, open the Support > API Clients and Keys window.
    2. On the desired Oauth2 API client, click Edit.
    3. Ensure that Read is selected for Falcon X (indicators).
    4. Copy the Base URL.
  2. Configure Threat Intelligence (Intelligence Hub) feed:
    1. From the Threat Intelligence (Intelligence Hub) > Sources page, click CrowdStrike to display the feed configuration.
    2. Type the Client ID, Secret, and Base URL (from the previous step).
    3. Click Save, then Test Credentials.
    4. Enable the feed.