Overview

This is a cloud-based device which is added to the UI using API call, and we fetch logs from crowd strike by filling all the entries mentioned in the screenshot below.

Steps of integration in the Seceon UI

Login into the Seceon GUI Portal with administrative rights and navigate to >>Inside respective tenant >>Provisioning >> Add on devices

To add Crowdstrike support, Follow the steps that are mentioned below.

• Enter the name of the device.

• Enter the CCE IP

Steps to generate a client ID and key at Crowdstrike Console

• Login to Crowdstrike as Admin access.

•  Add new API client

• Enter Client name, description and tick mark (read) for Event Stream, Incident & Detection options

• 

• Save the Generated Client ID, Secret key and BaseUrl in Notepad (as the Secret key will vanish as we switch tabs).

• Now enter the generated client ID in Access ID/user name and client secret in the password/Secret Key section.

• Now invalid JSON Format in the last field enter BaseUrl in the config as {"host": "Host-Value"}

  • Note: Value can have one of these fields ( e.g. {"host": "api.laggar.gcw.crowdstrike.com"} ) as per the host where your Crowdstrike has been hosted i.e.,

    • api.crowdstrike.com

    • api.us-2.crowdstrike.com

    • api.laggar.gcw.crowdstrike.com

    • api.eu-1.crowdstrike.com

• Click on the Save button.

Note:

You need to whitelist these domains on the firewall (if any) as per where your crowdstrike has been hosted -

1. Firehose

   1. firehose.crowdstrike.com

   2. firehose.us-2.crowdstrike.com

   3. firehose.laggar.gcw.crowdstrike.com

   4. firehose.eu-1.crowdstrike.com

2. API

   1. api.crowdstrike.com(must whitelist for authorization)

   2. api.us-2.crowdstrike.com

   3. api.laggar.gcw.crowdstrike.com

   4. api.eu-1.crowdstrike.com

 3. Port

The port used for making API requests is 443.

Verification

Check UI:

Going to the System tab, we will check that we are seeing Crowdstrike