How to integrate CrowdStrike Falcon account?
Overview
To authenticate with CrowdStrike Falcon, you will need to provide the following information:
- Client ID
- Client Secret
- Domain
Step 1: Login to CrowdStrike Falcon Console
- Sign in to your CrowdStrike Falcon Console
- Ensure you have an account with API Client Administrator permissions or equivalent role
Step 2: Navigate to API Clients & Keys
- In the Falcon console, click the hamburger menu (☰) in the top-left corner
- Navigate to Support and resources
- Select API Clients and Keys
Step 3: Create a New API Client
-
Click Add new API client
-
Fill in the following details:
- Client name: Enter a descriptive name (e.g., "Unizo Integration")
- Description (optional): Add details about the integration purpose
-
Select API Scopes - Choose the minimum required permissions for your use case:
Essential Scopes for EDR/XDR Integration:
| Scope | Read | Write | Purpose |
|---|---|---|---|
| Alerts | ✅ | ❌ | Query alert data and threat/EDR events |
| Hosts | ✅ | ✅ | Query endpoint information and quarantine endpoints from network. Excluding the write permissions disables the quarantine feature. |
| Assets | ✅ | ❌ | Query application data |
| Zero Trust Assessment | ✅ | ❌ | Query Security posture scores |
- Click Create
Step 4: Copy Client ID, Client Secret and Base URL
After creating the API client, a dialog will display your credentials:
-
Client ID: Copy and save this value
-
Client Secret: Copy immediately - this is shown only once
-
Domain:Your cFalcon domain is the unique part of the URL you use to access Crowdstrike. For example:
- https://falcon.us-2.crowdstrike.com/ -> Your Jira domain is falcon.us-2