CrowdStrike Falcon Discover

Version: 1.1
Updated: Jul 03, 2023

CrowdStrike Falcon Discover allows to quickly identify and eliminate malicious or noncompliant activity by providing unmatched real-time visibility into the devices, users, and applications in your network.

• Search Logins (Enrichment) - Search for logins in your environment.
• Search Accounts (Enrichment) - Search for accounts in your environment.
• Search Applications (Enrichment) - Search for applications in your environment.
• Search Assets (Enrichment) - Search for assets in your environment.
• Get Logins (Enrichment) - Get details on logins.
• Get Accounts (Enrichment) - Get details on accounts.
• Get Applications (Containment) - Get details on applications.
• Get Assets (Containment) - Get details on assets.

CrowdStrike Falcon Discover in Automation Service and Cloud SOAR

1. Access integrations in the Automation Service or Cloud SOAR.
2. After the list of the integrations appears, search for the integration and click on the row.
3. The integration details will appear. Click on the "+" button to add new Resource.
   
4. Populate all the required fields (*) and then click Save.
   • Label. The desired name for the resource.
   • API URL. https://api.crowdstrike.com.
   • Client ID. The unique identifier of the API client.
   • Client Secret. A secret code for an API client.
     
5. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
   
6. Click TEST SAVED SETTINGS.
   
7. You should receive a successful notification in the bottom right corner.
   

Note

Refer to Falcon documentation to know more on creating FQL Query Filter.

Change Log

• March 16, 2023 (v1.0) - First upload
• July 3, 2023 (v1.1) - Removed leading/trailing spaces