Fortinet white logo
Fortinet white logo

Administration Guide

Integration with Crowdstrike

Integration with Crowdstrike

1. Configure CrowdStrike

Note

OAuth2 will be used for authentication of the incoming REST API requests.

1.1 REST API Permission

To define a CrowdStrike API client, you must be designated as the Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API Client is created or when it is reset.

1.2 Create client ID and client secret

  1. Log in to the Falcon UI.
  2. Go to Support > API Clients and Keys to view existing clients, add new API clients, or view the audit log.
  3. Click Add new API Client. You will be prompted to provide a descriptive name and select the appropriate API scopes.
  4. Click Save. You will be presented with the Client ID and Client Secret. The secret will only be shown once and should be stored in a secure place. If the Client Secret is lost, a reset must be performed and any applications relying on the Client Secret will need to be updated with the new credentials.

2. Configure FortiDeceptor

  1. In FortiDeceptor, go to Fabric > Quarantine Integration.
  2. Click + Quarantine Integration with new device. The Integrate With New Device window opens.
  3. Configure the integration settings.

    NameEnter the Quarantine Integration name.
    Integrate MethodSelect CrowdStrike-Isolation from the dropdown list.
    Server URLSet the server URL
    Client IDEnter the Client ID.

    Client Secret

    Enter the Client Secret.

  4. Click Save.
  5. Confirm the status is Ready.

Integration with Crowdstrike

Integration with Crowdstrike

1. Configure CrowdStrike

Note

OAuth2 will be used for authentication of the incoming REST API requests.

1.1 REST API Permission

To define a CrowdStrike API client, you must be designated as the Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API Client is created or when it is reset.

1.2 Create client ID and client secret

  1. Log in to the Falcon UI.
  2. Go to Support > API Clients and Keys to view existing clients, add new API clients, or view the audit log.
  3. Click Add new API Client. You will be prompted to provide a descriptive name and select the appropriate API scopes.
  4. Click Save. You will be presented with the Client ID and Client Secret. The secret will only be shown once and should be stored in a secure place. If the Client Secret is lost, a reset must be performed and any applications relying on the Client Secret will need to be updated with the new credentials.

2. Configure FortiDeceptor

  1. In FortiDeceptor, go to Fabric > Quarantine Integration.
  2. Click + Quarantine Integration with new device. The Integrate With New Device window opens.
  3. Configure the integration settings.

    NameEnter the Quarantine Integration name.
    Integrate MethodSelect CrowdStrike-Isolation from the dropdown list.
    Server URLSet the server URL
    Client IDEnter the Client ID.

    Client Secret

    Enter the Client Secret.

  4. Click Save.
  5. Confirm the status is Ready.