Add the CrowdStrike Feed

Configure the CrowdStrike feed to be used as a source for Threat Command.

To add the CrowdStrike feed to Threat Command:

  1. Configure CrowdStrike:
    1. From CrowdStrike, open the Support > API Clients and Keys window.
      temporary placeholder
    1. On the desired Oauth2 API client, click Edit (step A).
    2. Ensure that Read  is selected for Falcon X (indicators).
    3. Copy the Base URL (step B).
  1. Configure Threat Command feed:
    1. From the TIP > Sources page, click CrowdStrike.
  • The feed configuration is displayed.
    temporary placeholder
    1. Type the Client ID, Secret, and Base URL (from the previous step).
    2. Click Save, then Test Credentials.
    3. Enable the feed.