Integrating with Crowdstrike

Introduction

Follow this article to integrate Blackpoint with Crowdstrike. We've broken down the integration into five steps:

  1. Create a new API client
  2. Name the API client and set the API scope
  3. Copy the Base URL, Client ID, and Secret
  4. Add the Crowdstrike integration in the Blackpoint Portal
  5. Verifying your integration in SNAP-Defense

Prerequisites

You must have access to the Crowdstrike portal.

Instructions

  1. Sign-in to your Crowdstrike portal
  2. Expand the menu navigation bar > Select Support and resources > API client and keys
  3. Select Add new API client
    Enter Client name
  4. Set API Scope
    1. Detections – Read
    2. Hosts – Read
    3. Actors – Read
    4. Incidents – Read
    5. OverWatch Dashboard – Read
    6. Real time response – Read
  5. Select Add
  6. Copy the Base URL, Client ID, and Secret
  7. Confirm the API client is added
  8. Sign-in to the Blackpoint add-ons portal
  9. Select Crowdstrike Integration from the navigation menu
  10. Enter "Tenant Name", "Crowdstrike API URL", "Client ID", "Client Secret" > Connect
  11. Check the customer's account in SNAP-Defense to confirm the integration is working. You should see the device list synchronize and list all devices running the Crowdstrike agent.


    Setup Complete.