CrowdStrike connector

This is a cloud connector.

The CrowdStrike connector gathers data about devices and the applied CrowdStrike security policies.

This connector can also gather data about software if you are running CrowdStrike Falcon Discover in your work environment. The Neurons console does not have an option for enabling software imports, so you will need to update the API client created in the CrowdStrike application to gather this data. Do so by adding Read access for both the Assets and Hosts API scopes. You can update the API client at falcon.crowdstrike.com.

For information about what data is imported and how it is mapped, see Mapping (below).

Options

A CrowdStrike connector has the following options:

  • Connector name: A name for the connector.
  • Connector server name: For cloud connectors, this server is the Cloud option on the Connector Servers page. If you already added the connector to the Cloud option, this field will be populated for you. Otherwise, select Cloud from the list.
  • Client ID: The ID for an API client created in the CrowdStrike application. The client must have Read access for the Hosts API scope. For information on how to create an API client, see Defining your first API Client on the CrowdStrike website.
  • CrowdStrike API Base URL: The default is https://api.crowdstrike.com.
  • Client secret: The secret associated with your API client.
  • Device threshold: To limit the amount of data that is gathered for Neurons, set a threshold for a specific number of days. The connector will not include records unless the device has checked in or otherwise changed during that time.
  • Repeats: How often the connector should gather data.
  • Start time: The time of day the connector should start running. To minimize the impact on your network and applications, we recommend that connectors generally run at night or on weekends.
  • Active: Whether the connector is active or not. While the connector is active, it runs according to the schedule you create. If you clear the check box, the connector is inactive and will not gather data until the check box is enabled again and the connector is saved.

For details on configuring or using connectors, see Setting up connectors.

Mapping

The data that this connector imports is mapped to target attributes in the Neurons Platform database.

  • Device name
  • Manufacturer and model
  • Serial number
  • Device CrowdStrike ID and status
  • IP and MAC addresses
  • Operating system version
  • BIOS manufacturer and version
  • CrowdStrike provisioning status
  • First and most recent check-in date
  • Prevention, sensor update, device control, global config, remote response, and firewall policy information
  • Date the policies were assigned and applied
  • CrowdStrike groups

For an overview of how the data imported by this connector is mapped to the Neurons target attributes, please download the CSV file using the button below.

Download mappings

For an overview of the Neurons target attributes per data type and the connector source attributes that are mapped to them, see Connector data mapping.