CrowdStrike API resources collector
Overview
The CrowdStrike Falcon platform is a powerful solution that includes EDR (Endpoint Detection and Response), next-generation anti-virus, and device control for endpoints. It also provides a whole host of other operational capabilities across IT operations and security, including Threat Intelligence. The CrowdStrike API is managed from the CrowdStrike Falcon UI by the Falcon Administrator. From there, multiple API clients can be defined along with their required scopes.
CrowdStrike is one of the top data sources for Devo customers and prospects alike, so we encourage new customers to use this collector, and existing ones to transition to it soon.
Data source description
Data source | Subtype | Table | Service | Endpoint | Description | Available from release |
---|---|---|---|---|---|---|
Hosts | - | | | Check the | Hosts are endpoints that run the Falcon sensor. You can get information and details about these agents. | |
Incidents | - | | | Check the | Incidents are events that occur in an organization which can represent a cybersecurity threat or an attack. | |
Spotlight Vulnerabilities | - | alias: | | | Vulnerabilities are known security risks in an operating system, application, hardware, firmware, or other part of a computing stack. | |
Behaviors | - | | | | Behaviors are patterns of data transmissions in a network that are out of the norm, used to detect anomalies before cyber attacks occur. | |
File Vantage | | | | | Collect data about changes to files, folders, and registries with Falcon FileVantage APIs. Store this data to help you meet certain compliance recommendations and requirements as listed in the Sarbanes–Oxley Act, National Institute for Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), and others. | |
Event Stream (eStream) | | | | The endpoints are dynamically generated by following this (simplified) approach: | The Streaming API provides several types of events. Depending on the event's | |
Vendor setup
In order to configure the Devo CrowdStrike API Resources collector, you need to create an API client that will be used to authenticate API requests.
After getting your CrowdStrike Falcon Cloud credentials, log into the CrowdStrike Falcon Cloud dashboard.
Click the three dots in the left menu bar.
Click API Clients and Keys. This will open a page to create an API client.
Click Add API Client at the top right corner. Enter a CLIENT NAME and DESCRIPTION.
Then, enable the API scopes for your new API client. Click the required Read permissions for each scope and click ADD to create the client.
Finally, copy the Client ID and Client Secret shown on the next screen. You will need these values to configure the collector.
Devo collector features
Feature | Details |
---|---|
Allow parallel downloading ( | Not allowed |
Running environments | Cloud collector, on-premise |
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).
API limitations
CrowdStrike does not impose API rate limitations as long as usage is reasonable.
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
| Oct 9, 2024 | IMPROVEMENTS | Improvements | |
| Aug 7, 2024 | IMPROVEMENTS | Improvements | |
| Aug 7, 2024 | IMPROVEMENTS, BUG FIXING | Improvements; Bug fixing | |
| May 17, 2024 | IMPROVEMENTS, BUG FIXING | Improvements; Bug fixing | |
| Mar 26, 2024 | IMPROVEMENTS | Improvements | |
| Nov 27, 2023 | IMPROVEMENTS | Improvements | |
| Jan 20, 2023 | IMPROVEMENTS | Improvements | |
| Sep 15, 2022 | IMPROVEMENTS | Improvements; Bug fixing | |
| Sep 15, 2022 | IMPROVEMENTS | Improvements | |
| Sep 9, 2022 | IMPROVEMENTS, FEATURE | Improvements; New features | |
| Jul 7, 2022 | IMPROVEMENTS | Improvements | |
| Apr 8, 2022 | IMPROVEMENTS, VULNS | Improvements; Vulnerabilities mitigation | |
| Dec 16, 2021 | FEATURE | New features | |