Integration with Crowdstrike
1 Configure CrowdStrike
OAuth2 will be used for authentication of the incoming REST API requests. |
1.1 REST API Permission
To define a CrowdStrike API client, you must be designated as the Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API Client is created or when it is reset.
1.2 Create client ID and client secret
- Log in to the Falcon UI.
- Go to Support > API Clients and Keys to view existing clients, add new API clients, or view the audit log.
- Click Add new API Client. You will be prompted to provide a descriptive name and select the appropriate API scopes.
- Click Save. You will be presented with the Client ID and Client Secret. The secret will only be shown once and should be stored in a secure place. If the Client Secret is lost, a reset must be performed and any applications relying on the Client Secret will need to be updated with the new credentials.
2. Configure FortiDeceptor
- In FortiDeceptor, go to Fabric > Quarantine Integration.
- Click + Quarantine Integration with new device. The Integrate With New Device window opens.
- Configure the integration settings.
Name Enter the Quarantine Integration name. Integrate Method Select CrowdStrike-Isolation from the dropdown list. Server URL Set the server URL Client ID Enter the Client ID. Client Secret
Enter the Client Secret.
- Click Save.
- Confirm the status is Ready.