CrowdStrike connector

This connector can be run in the cloud or using an on-premises connector server.

The CrowdStrike connector gathers data about devices and the applied CrowdStrike security policies.

This connector can also gather data about software if you are running CrowdStrike Falcon Discover in your work environment. The Neurons console does not have an option for enabling software imports, so you will need to update the API client created in the CrowdStrike application to gather this data. Do so by adding Read access for both the Assets and Hosts API scopes. You can update the API client at falcon.crowdstrike.com.

For information about what data is imported and how it is mapped, see Mapping (below).

Options

A CrowdStrike connector has the following options:

  • Connector name: A name for the connector.
  • Connector server name: The name of the connector server that this connector is associated with. When running the connector in the cloud, this server needs to be the Cloud option in the list.

    Each connector can only be associated with one connector server. If you added this connector to a specific connector server (on the Connectors > Connector Servers page), this field will be populated for you. Otherwise, you can select the server from the list.
  • CrowdStrike API Base URL: The default is https://api.crowdstrike.com.
  • Client ID: The ID for an API client created in the CrowdStrike application. The client must have Read access for the Hosts API scope. For information on how to create an API client, see Defining your first API Client on the CrowdStrike website.
  • Client secret: The secret associated with your API client.
  • Device threshold: To limit the amount of data that is gathered for Neurons, set a threshold for a specific number of days. The connector will only import devices that have checked in or changed during that time.
  • Repeats: How often the connector should gather data.
  • Start time: The time of day the connector should start running. To minimize the impact on your network and applications, we recommend that connectors generally run at night or on weekends.
  • Active: Whether the connector is active or not. While the connector is active, it runs according to the schedule you create. If you clear the check box, the connector is inactive and will not gather data until the check box is enabled again and the connector is saved.

For details on configuring or using connectors, see Setting up connectors.

Mapping

The data that this connector imports is mapped to target attributes in the Neurons Platform database.

For an overview of how the data imported by this connector is mapped to the Neurons target attributes, please download the CSV file using the button below.

Download mappings

For an overview of the Neurons target attributes per data type and the connector source attributes that are mapped to them, see Connector data mapping.