How to integrate CrowdStrike Falcon account?

Overview

To authenticate with CrowdStrike Falcon, you will need to provide the following information:

• Client ID
• Client Secret
• Base URL

Step 1: Login to CrowdStrike Falcon Console

1. Sign in to your CrowdStrike Falcon Console
2. Ensure you have an account with API Client Administrator permissions or equivalent role

Step 2: Navigate to API Clients & Keys

1. In the Falcon console, click the hamburger menu (☰) in the top-left corner
2. Navigate to Support and resources
3. Select API Clients and Keys

Step 3: Create a New API Client

1. Click Add new API client

2. Fill in the following details:

   • Client name: Enter a descriptive name (e.g., "Unizo Integration")
   • Description (optional): Add details about the integration purpose

3. Select API Scopes - Choose the minimum required permissions for your use case:

   Essential Scopes for EDR/XDR Integration:

   • Hosts: Read
   • Detections: Read, Write
   • Incidents: Read, Write
   • Real Time Response: Read, Write (if needed)
   • Prevention Policies: Read
   • Device Control Policies: Read
   • User Management: Read (optional)

4. Click Create

Step 4: Copy Client ID, Client Secret and Base URL

After creating the API client, a dialog will display your credentials:

1. Client ID: Copy and save this value

2. Client Secret: Copy immediately - this is shown only once

3. Base URL: Note your base URL, which varies by region:

   • US-1: https://api.crowdstrike.com
   • US-2: https://api.us-2.crowdstrike.com
   • EU-1: https://api.eu-1.crowdstrike.com
   • US-GOV-1: https://api.laggar.gcw.crowdstrike.com

   Important:

   • The Base URL is determined by your CrowdStrike instance location
   • If unsure, check the URL of your Falcon console login page