Blumira’s cloud SIEM platform integrates with CrowdStrike’s Falcon Platform to detect cybersecurity threats and to provide an automated or actionable response for remediation when a threat is detected on an endpoint.
Once configured, the Blumira integration with CrowdStrike’s Falcon Platform streams server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Configuring CrowdStrike for API Access
Refer to the CrowdStrike documentation if needed: https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/
First, you must hold the Falcon Administrator role to view, create, or modify API clients or keys. Secrets are shown only when a new API client is created or when its secret is reset.
1. When logged into the Falcon UI, navigate to Support > API Clients and Keys.
2. From there, you can view existing API clients and add new ones. When you click “Add new API Client”, you will be prompted to give the client a descriptive name and to select the appropriate API scopes. After you click Save, you will be presented with the Client ID and Client Secret. The secret is shown only once and should be stored in a secure place; it will be used in the next steps on the Blumira side. If the Client Secret is lost, a reset must be performed, and any application relying on the old secret will need to be updated with the new credentials.
3. Save the Client ID and Secret.
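Before entering the credentials into Blumira, it is worth confirming that the new API client actually authenticates. The script below is an added example, not Blumira's or CrowdStrike's own code: it performs the Falcon OAuth2 client-credentials exchange (POST /oauth2/token with client_id and client_secret form fields) and reads the secret from environment variables so it never lands in a file or shell history. The API host (assumed here to be the US-1 cloud, api.crowdstrike.com) and the scopes Blumira requires are not stated on this page and must be taken from your own tenant and the module's documentation.

```python
"""Sanity-check a newly created Falcon API client before handing it to Blumira."""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumption: US-1 cloud. Tenants in other Falcon clouds use a different API host.
DEFAULT_BASE_URL = "https://api.crowdstrike.com"
TOKEN_PATH = "/oauth2/token"


def parse_token_response(status: int, body: bytes) -> dict:
    """Validate the token endpoint reply; raise with a useful message on failure."""
    try:
        payload = json.loads(body.decode("utf-8") or "{}")
    except ValueError as exc:
        raise RuntimeError(f"non-JSON reply (HTTP {status})") from exc
    if not isinstance(payload, dict):
        payload = {}
    if status not in (200, 201):
        # Falcon returns an "errors" list when the credentials are rejected.
        msgs = [e.get("message", "?") for e in payload.get("errors", []) if isinstance(e, dict)]
        raise RuntimeError(f"token request rejected (HTTP {status}): {'; '.join(msgs) or 'no detail'}")
    token = payload.get("access_token")
    if not token or str(payload.get("token_type", "")).lower() != "bearer":
        raise RuntimeError("reply lacks a bearer access_token")
    # Return only metadata about the token, never the token itself.
    return {"expires_in": int(payload.get("expires_in", 0)), "token_length": len(token)}


def request_token(client_id: str, client_secret: str, base_url: str = DEFAULT_BASE_URL) -> dict:
    """Exchange the API client credentials for a short-lived bearer token."""
    data = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(base_url + TOKEN_PATH, data=data, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    req.add_header("Accept", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return parse_token_response(err.code, err.read())


if __name__ == "__main__":
    cid, secret = os.environ.get("FALCON_CLIENT_ID"), os.environ.get("FALCON_CLIENT_SECRET")
    if not cid or not secret:
        raise SystemExit("set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET in the environment")
    info = request_token(cid, secret, os.environ.get("FALCON_BASE_URL", DEFAULT_BASE_URL))
    print(f"API client OK: token of {info['token_length']} chars, valid for {info['expires_in']}s")
```

A successful run confirms the Client ID and Secret pair is live; a rejected run surfaces Falcon's error message so you know to reset the secret before touching the Blumira side.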
Configure Blumira with the CrowdStrike API
1. Navigate to the Infrastructure > Sensors tab.
2. Click the “Add Module” button in the middle of the page and find the newest CrowdStrike module available.
3. Enter the Client ID and Secret you just generated in your CrowdStrike portal.
4. Click “Install” and you’re all done!