1. Help Center
  2. Application Integrations

CrowdStrike Integration

AgileBlue can leverage the CrowdStrike API & Event Stream in order to ingest and monitor important security data from the CrowdStrike platform.

Supported Versions

  • CrowdStrike API Version v1/v2

Setup Steps

For related CrowdStrike documentation, click here.

  1. Log in to the CrowdStrike Console with CrowdStrike Falcon administrator credentials
  2. Navigate to Support > API Clients and Keys
  3. Select Add new API client
  4. Fill out the following fields
    1. Client Name: AgileBlue
    2. Description: Description of the purpose of the API client
    3. API Scopes: 
      1. Alert – read:alert
      2. Host – read:host
      3. Event Stream – read: Event streams
  5. Click Add and take note of the Client ID and Client Secret Key
  6. Collect your Token URL, which will be the same URL displayed when you log in to the console followed by /oauth2/token (for most U.S.-based commercial tenants, the URL will be: https://api.crowdstrike.com/oauth2/token)
  7. Next, determine your API Endpoint URL, which will be similar to your Token URL but with api in place of falcon (Ex. https://api.crowdstrike.com)
  8. Securely send the following information to support@agileblue.com:
    1. Client ID
    2. Client Secret
    3. Token URL
    4. API Endpoint URL
    5. Crowdstrike App ID (this will match the Client ID for the API client you created)

Need Help?

AgileBlue is always here to support you and ensure you are 100% successful. If there are any issues with the installation or if you have any questions, please reach out to AgileBlue Support.

Email: support@agileblue.com 
Phone: (216) 606-9400
🚨