Device Configuration: CrowdStrike
Overview
CrowdStrike is a cloud-based device that is added to the Seceon UI through an API call. Logs are fetched from CrowdStrike once all the entries shown in the screenshot below are filled in.
Steps of integration in the Seceon UI
Log in to the Seceon GUI portal with administrative rights and navigate to the respective tenant >> Provisioning >> Add on devices.
To add CrowdStrike support, follow the steps below.
Enter the name of the device.
Enter the CCE IP
Steps to generate a Client ID and Secret key from the CrowdStrike Console
Log in to CrowdStrike with admin access.
Add new API client
Enter the client name and description, and tick the read permission for the Event Stream, Incident and Detection options.
Save the generated Client ID, Secret key and BaseUrl in Notepad (the Secret key disappears as soon as you switch tabs).
Now enter the generated Client ID in the Access ID/user name field and the Client Secret in the password/Secret Key field.
Now, in the last field, enter the BaseUrl in the config in valid JSON format as
{"host": "Host-Value"}
Note: The value can be one of these hosts (e.g. {"host": "api.laggar.gcw.crowdstrike.com"}), depending on where your CrowdStrike is hosted, i.e.,
Click on the Save button.
Note:
You need to whitelist these domains on the firewall (if any), depending on where your CrowdStrike is hosted:
Firehose
API
api.crowdstrike.com (must whitelist for authorization)
3. Port
The port used for making API requests is 443.
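A pre-flight check for the host config and the firewall rule described above, as an added example that is not part of the Seceon or CrowdStrike documentation: it validates the JSON entered in the last field and tests a certificate-verified TLS handshake on port 443. The function names and the .crowdstrike.com suffix check are assumptions based on the hosts shown on this page.

```python
import json
import socket
import ssl

PORT = 443                           # port the page gives for API requests
PLACEHOLDER = "Host-Value"           # template value shown on the page
ALLOWED_SUFFIX = ".crowdstrike.com"  # assumption: taken from the hosts on this page


def validate_host_config(raw):
    """Return (host, errors) for the JSON pasted into the last config field."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg} (column {exc.colno})"]
    if not isinstance(cfg, dict) or "host" not in cfg:
        return None, ['missing "host" key']
    host = cfg["host"]
    if not isinstance(host, str) or not host.strip():
        return None, ['"host" must be a non-empty string']
    errors = []
    if host == PLACEHOLDER:
        errors.append("placeholder Host-Value was not replaced")
    if any(c in host for c in "/:"):
        errors.append("use a bare hostname: no scheme, port or path")
    if not host.strip().lower().endswith(ALLOWED_SUFFIX):
        errors.append(f"host does not end in {ALLOWED_SUFFIX}")
    return host, errors


def tls_reachable(host, timeout=5.0):
    """True if a certificate-verified TLS handshake to host:443 succeeds."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, PORT), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # covers timeouts, refused connections and ssl.SSLError
        return False


if __name__ == "__main__":
    # Constructed inputs: the page's example plus two common paste mistakes.
    for raw in ('{"host": "api.laggar.gcw.crowdstrike.com"}',
                '{"host": "https://api.crowdstrike.com/"}',
                "{'host': 'api.crowdstrike.com'}"):
        print(raw, "->", validate_host_config(raw))
```

Run `tls_reachable()` from the host that makes the API requests, so the result reflects the firewall rules that actually apply to it.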
Verification
Check UI:
Go to the System tab and check that CrowdStrike is visible there.
Seceon Inc. All rights reserved. https://www.seceon.com