AgileBlue can leverage the CrowdStrike API & Event Stream in order to ingest and monitor important security data from the CrowdStrike platform.
Supported Versions
- CrowdStrike API Version v1/v2
Setup Steps
For related CrowdStrike documentation, click here.
- Log in to the CrowdStrike Console with CrowdStrike Falcon administrator credentials
- Navigate to Support > API Clients and Keys
- Select Add new API client
- Fill out the following fields
- Client Name: AgileBlue
- Description: Description of the purpose of the API client
- API Scopes:
- Alert – read:alert
- Host – read:host
- Event Stream – read: Event streams
- Click Add and take note of the Client ID and Client Secret Key
- Collect your Token URL, which will be the same URL displayed when you log in to the console followed by /oauth2/token (for most U.S.-based commercial tenants, the URL will be: https://api.crowdstrike.com/oauth2/token)
- Next, determine your API Endpoint URL, which will be similar to your Token URL but with api in place of falcon (Ex. https://api.crowdstrike.com)
- Securely send the following information to support@agileblue.com:
- Client ID
- Client Secret
- Token URL
- API Endpoint URL
- Crowdstrike App ID (this will match the Client ID for the API client you created)
Need Help?
AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.
Email: support@agileblue.com
Phone: (216) 606-9400🚨