This is a cloud connector.
The CrowdStrike connector gathers data about devices and the applied CrowdStrike security policies.
What data is imported?
- Device name
- Manufacturer and model
- Serial number
- Device CrowdStrike ID and status
- IP and MAC addresses
- Operating system version
- BIOS manufacturer and version
- CrowdStrike provisioning status
- First and most recent check-in date
- Prevention, sensor update, device control, global config, remote response, and firewall policy information
- Date the policies were assigned and applied
- CrowdStrike groups
A CrowdStrike connector has the following options:
- Connector name: A name for the connector.
- Connector server name: For cloud connectors, this server is the Cloud option on the Connector Servers page. If you already added the connector to the Cloud option, this field will be populated for you. Otherwise, select Cloud from the list.
- Device threshold. To limit the amount of data that is gathered for Neurons, set a threshold for a specific number of days. The connector will not include records unless the device has checked in or otherwise changed during that time.
- Client ID: The ID for an API client created in the CrowdStrike application. The client must have Read access for the Hosts API scope. For information on how to create an API client, see Defining your first API Client on the CrowdStrike website.
- Client secret. The secret associated with your API client.
- Repeats: How often the connector should gather data.
- Start time: The time of day the connector should start running. To minimize the impact on your network and applications, we recommend that connectors generally run at night or on weekends.
- Active: Whether the connector is active or not. While the connector is active, it runs according to the schedule you create. If you clear the check box, the connector is inactive and will not gather data until the check box is enabled again and the connector is saved.
For details on configuring or using connectors, see Setting up connectors.