Crowdstrike API authentication



This is the CrowdStrike base template. It generates the access token that the other CrowdStrike playbook templates use. The playbook is triggered when a new HTTP request is received, and it is called from the other CrowdStrike playbooks.

| Attribute | Value |
|-----------|-------|
| Type | Playbook |
| Solution | CrowdStrike Falcon Endpoint Protection |
| Source | View on GitHub |

Additional Documentation

📄 Source: CrowdStrike_Base/readme.md

CrowdStrike_Base

Prerequisites

  1. An Azure Key Vault is required for storing the CrowdStrike Client ID and Client Secret. Create a Key Vault if one does not already exist.
  2. Add the CrowdStrike Client ID and Client Secret as Key Vault secrets, and note the secret names (keys); they are required during template deployment.

Deployment instructions

  1. Deploy the playbook by clicking the "Deploy to Azure" button. This opens the ARM template deployment wizard.
  2. Fill in the required parameters:

    • keyvault_vaultName: Enter the name of the Key Vault where the Client ID and Client Secret are stored. The secrets in the Key Vault are used to generate the authorization key.
    • ClientID: Enter the Client ID key name used in the Key Vault
    • ClientSecret: Enter the Client Secret key name used in the Key Vault
    • Service_Endpoint: Enter the CrowdStrike service endpoint (ex: {https://crowdsrtikeurl.com})
    • Playbook_Name: Enter the playbook name here (ex: CrowdStrike_Base)

Post-Deployment instructions

a. Authorize playbook

Once deployment is complete, add the playbook to the access policy of the Key Vault so that it can read the secrets.

Playbook steps explained

When a Http request is received

The playbook is triggered when an HTTP request is received from another playbook, or when it is run manually.

Initialize variable ClientID

Initializes a string variable that holds the ClientID key name from the Key Vault.

Initialize variable ClientSecret

Initializes a string variable that holds the ClientSecret key name from the Key Vault.

Get secret - Client ID

Gets the Client ID secret value from the Key Vault.

Get secret - Client Secret

Gets the Client Secret secret value from the Key Vault.

Initialize variable Falcon Host URL

Initializes a string variable that holds the CrowdStrike host URL.

HTTP - Get Access Token

This action gets the OAuth2 access token from CrowdStrike, using the ClientID and ClientSecret as inputs.

Parse JSON - Access Token Response

This action parses the response into JSON format.

Response

The response holds the access token and the CrowdStrike host URL.
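
The three final steps above (HTTP - Get Access Token, Parse JSON, Response) sketched in Python as an added example; this is not the playbook's own Logic App definition. The `/oauth2/token` path, the form field names and the `token_type`/`expires_in` response fields are assumed from CrowdStrike's public OAuth2 API and do not appear on this page; the host, token and response body are constructed placeholders.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumption: CrowdStrike's OAuth2 client-credentials route (not stated on the page).
TOKEN_PATH = "/oauth2/token"


def build_token_request(service_endpoint, client_id, client_secret):
    """Build (not send) the request made by 'HTTP - Get Access Token'."""
    url = urllib.parse.urlsplit(service_endpoint)
    # Refuse endpoints that would send the secret in clear text or to an odd host.
    if url.scheme != "https" or not url.hostname or url.username or url.query:
        raise ValueError("Service_Endpoint must be a bare https:// host URL")
    body = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret})
    return urllib.request.Request(
        f"https://{url.netloc}{TOKEN_PATH}",
        data=body.encode(),  # secret travels in the form body, never in the URL
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def parse_token_response(raw, service_endpoint, now=None):
    """Mirror 'Parse JSON' and 'Response': validate, then return token and host URL."""
    doc = json.loads(raw)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in response")  # do not echo the body
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    ttl = int(doc.get("expires_in", 0))
    return {
        "access_token": token,
        "falcon_host_url": service_endpoint.rstrip("/"),
        # Refresh 60 s early so a caller never presents a token expiring in flight.
        "refresh_after": (time.time() if now is None else now) + max(ttl - 60, 0),
    }


def redact(result):
    """Copy of the result that is safe to write to logs or run history."""
    return {**result, "access_token": "***redacted***"}


if __name__ == "__main__":
    sample = '{"access_token": "tok123", "token_type": "bearer", "expires_in": 1799}'  # constructed
    print(redact(parse_token_response(sample, "https://api.example.invalid/")))
```

In the playbook itself, the equivalent of `redact` is enabling secure inputs and outputs on the Key Vault and HTTP actions so the secret and token do not appear in the run history.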

