Integrating with CrowdStrike

Introduction

Follow this article to integrate Blackpoint with CrowdStrike. We've broken down the integration into five steps:

  1. Create New API Client
  2. Verify Integration in Blackpoint Portal

Prerequisites

  • You must have access to the CrowdStrike portal.

Instructions

Create New API Client

  1. Sign in to your CrowdStrike portal
  2. Expand the menu navigation bar > Select Support and resources > API client and keys
  3. Select Add new API client
  4. Enter Client name
  5. Set API Scope
    1. Detections – Read
    2. Hosts – Read
    3. Actors – Read
    4. Incidents – Read
    5. OverWatch Dashboard – Read
    6. Real time response – Read
  6. Select Add
  7. Copy the Base URL, Client ID, and Secret
  8. Confirm the API client is added
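
The copied Base URL, Client ID, and Secret can be checked before they are entered anywhere else. The script below is an added example, not part of the Blackpoint or CrowdStrike documentation. It assumes the CrowdStrike OAuth2 endpoint /oauth2/token and the host query /devices/queries/devices/v1, that API hosts sit under crowdstrike.com, and hypothetical FALCON_* environment variable names.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumption: CrowdStrike API base URLs are HTTPS hosts under crowdstrike.com.
ALLOWED_SUFFIX = ".crowdstrike.com"


def token_request(base_url, client_id, client_secret):
    """Build the OAuth2 token request; refuse to send the secret anywhere unexpected."""
    parts = urllib.parse.urlsplit(base_url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("Base URL must use https")
    if not host.endswith(ALLOWED_SUFFIX):
        raise ValueError(f"unexpected API host: {host!r}")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("Base URL must not carry credentials, query or fragment")
    body = urllib.parse.urlencode(
        {"client_id": client_id.strip(), "client_secret": client_secret.strip()}
    ).encode()
    return urllib.request.Request(
        f"https://{parts.netloc}/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def check_credentials(base_url, client_id, client_secret):
    """True if a token is issued and a Hosts read query answers; HTTPError otherwise."""
    req = token_request(base_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=15) as resp:
        token = json.load(resp)["access_token"]
    hosts = urllib.request.Request(
        req.full_url.replace("/oauth2/token", "/devices/queries/devices/v1?limit=1"),
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(hosts, timeout=15) as resp:
        return resp.status == 200


if __name__ == "__main__":
    # Hypothetical variable names; read from the environment so the secret
    # stays out of shell history and process arguments.
    ok = check_credentials(os.environ["FALCON_BASE_URL"],
                           os.environ["FALCON_CLIENT_ID"],
                           os.environ["FALCON_CLIENT_SECRET"])
    print("credentials and Hosts read scope OK" if ok else "check failed")
```

A 401 on the token call points to a mistyped Client ID or Secret; a 403 on the host query points to a missing Hosts – Read scope.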

Verify Integration in Blackpoint Portal

  1. Sign in to the Blackpoint add-ons portal
  2. Select CrowdStrike Integration from the navigation menu
  3. Enter "Tenant Name", "Crowdstrike API URL", "Client ID", "Client Secret" > Connect

  4. Check the customer's account in SNAP-Defense to confirm the integration is working. You should see the device list synchronize and list all devices running the CrowdStrike agent.

    Setup Complete.