Add the CrowdStrike Feed

Configure the CrowdStrike feed to be used as a source for Threat Command.

To add the CrowdStrike feed to Threat Command:

  1. Configure CrowdStrike:
    1. From CrowdStrike, open the Support > API Clients and Keys window.
      temporary placeholder
    2. On the desired Oauth2 API client, click Edit (step A).
    3. Ensure that Read  is selected for Falcon X (indicators).
    4. Copy the Base URL (step B).
  2. Configure Threat Command feed:
    1. From the TIP > Sources page, click CrowdStrike.
      The feed configuration is displayed.
      temporary placeholder
    2. Type the Client ID, Secret, and Base URL (from the previous step).
    3. Click Save, then Test Credentials.
    4. Enable the feed.