Crowdstrike API authentication
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This is Crowdstrike base template which is used to generate access token and this is used in actual crowdstrike templates. This playbook gets triggered when a new Http request is created and this is being called from other Crowdstrike playbooks.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | CrowdStrike Falcon Endpoint Protection |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
keyvault |
Managed | 0 | 2 |
http |
Built-in | 0 | 1 |
Action parameters (URLs, paths, function IDs)
keyvault (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Get_secret_-_Client_ID | get | /secrets/@{encodeURIComponent(variables('ClientID'))}/value |
— |
| Get_secret_-_Client_Secret | get | /secrets/@{encodeURIComponent(variables('ClientSecret'))}/value |
— |
http (Built-in)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| HTTP_-_Get_Access_Token | POST | @{variables('FalconHost')}/oauth2/token |
— |
Additional Documentation
📄 Source: CrowdStrike_Base/readme.md
CrowdStrike_Base
Summary
This is Crowdstrike base template which is used to generate access token and this is used in actual crowdstrike templates. This playbook gets triggered when a new Http request is created and this is being called from other Crowdstrike playbooks.
Prerequisites
- Azure Key vault is required for storing the Crowdstrike ClientID and Secrets, create key vault if not exists learn how
- Add Crowdstrike Client ID and Client Secret in Key vault secrets and capture the keys which are required during the template deployment
Deployment instructions
Deploy the playbook by clicking on "Deploy to Azure" button. This will take you to deploying an ARM Template wizard.
Fill in the required parameters:
- keyvault_vaultName: Enter the Key vault name where the client ID and client secret is stored. secrets in key vault are used to generate the authorization key.
- ClientID: Enter the client Id key name used in key vault
- ClientSecret: Enter the client secret key name used in key vault
- Service_Endpoint: Enter the service endpoint of crowdstrike ex: {https://crowdsrtikeurl.com}
- Playbook_Name: Enter the playbook name here (Ex:CrowdStrike_Base)
Post-Deployment instructions
a. Authorize playbook
Once deployment is complete, we need to add the playbook in the access policy of the Keyvault learn how
Playbook steps explained
When a Http request is received
When a http request is received from another playbook or if this playbook is run manually, this playbook will be triggered
Initialize variable ClientID
Initialize a string variable which holds the ClientID key name from Keyvault
Initialize variable ClientSecret
Initialize a string variable which holds the ClientSecret key name from Keyvault
Get secret - Client ID
This gets the Client Id secret Value from Keyvault
Get secret - Client Secret
This gets the ClientSecret secret Value from Keyvault
Initialize variable Falcon Host URL
Initialize a string variable which holds the crowdstrike host Url
HTTP - Get Access Token
This action will get the OAuth2 access token from Crowdstike using ClientID and ClientSecret as inputs
Parse JSON - Access Token Response
This action will parse the response in to Json format
Response
This holds the access token and Crowdstrike host URL
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
↑ Back to Playbooks · Back to CrowdStrike Falcon Endpoint Protection