To stream CrowdStrike Falcon network data into Oomnitza, add your CrowdStrike Falcon Client ID and Secret to the credentials vault in Oomnitza.
Contents
- Retrieving connection information from CrowdStrike
- About adding credentials to Oomnitza
- Adding global variables
- Adding credentials
Retrieving connection information
You must retrieve the following information to add your credentials to Oomnitza:
- CrowdStrike base URL
- CrowdStrike client ID and secret
- Log in to the Falcon UI.
- Go to Support > API Clients and Keys.
- Click Add new API Client.
- Enter a name.
- Select the Hosts (Read) and Host Groups (Read) scopes for the asset integration. If you plan to run asset workflows, you must also have Write access.
- Select the User management (Read) scope for the user integration and SaaS workflow. If you plan to run one or more of the following user workflows, you must also have Write access: CrowdStrike Change User Name, CrowdStrike Change User Roles, CrowdStrike Delete User, and CrowdStrike Remove User Role.
- Click Save. Make sure you copy the base URL, client ID, and secret.
See the CrowdStrike Authentication Guide.
Adding CrowdStrike Falcon credentials to Oomnitza
About adding credentials
In the CrowdStrike Cloud Environment field, you enter a part of the base URL for CrowdStrike. You get the base URL when you generate the client ID and secret.
To enter the CrowdStrike Cloud Environment, you trim the prefix https:// and the suffix .com from the base URL.
For example, if the base URL for your CrowdStrike Falcon instance is https://api.crowdstrike.com, you enter api.crowdstrike.
CrowdStrike base URLs might change or new base URLs might be added. The source of truth is the CrowdStrike Falcon Wiki. To check out the base URLs, go to the Glossary of Terms, and open the Base URL page.
Table: CrowdStrike Cloud Environment values
| Region | Base URL | CrowdStrike Cloud Environment field value |
| US Commercial Cloud | https://api.crowdstrike.com | api.crowdstrike |
| US Commercial Cloud 2 | https://api.us-2.crowdstrike.com | api.us-2.crowdstrike |
| US GovCloud | https://api.laggar.gcw.crowdstrike.com | api.laggar.gcw.crowdstrike |
| Europe | https://api.eu-1.crowdstrike.com | api.eu-1.crowdstrike |
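The trimming rule described above, as an added Python example (not Oomnitza or CrowdStrike code). It derives the CrowdStrike Cloud Environment value and rejects anything that is not a bare HTTPS host under crowdstrike.com, so a mistyped or look-alike base URL is caught before credentials are saved. The helper names `cloud_environment` and `is_listed` are hypothetical; the listed base URLs are the ones in the table on this page.

```python
from urllib.parse import urlsplit

# Base URLs from the table on this page; CrowdStrike may add or change them.
KNOWN_BASE_URLS = {
    "https://api.crowdstrike.com",
    "https://api.us-2.crowdstrike.com",
    "https://api.laggar.gcw.crowdstrike.com",
    "https://api.eu-1.crowdstrike.com",
}


def cloud_environment(base_url: str) -> str:
    """Return the value for the CrowdStrike Cloud Environment field.

    Trims the https:// prefix and the .com suffix, as the page describes,
    and raises ValueError for anything that is not a bare HTTPS
    CrowdStrike API host.
    """
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https":
        raise ValueError("base URL must use https://")
    # user:pass@host and explicit ports do not belong in a base URL
    if parts.username or parts.password or parts.port:
        raise ValueError("base URL must not contain credentials or a port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("base URL must not contain a path, query or fragment")
    host = (parts.hostname or "").lower()
    # Leading dot in the suffix stops look-alikes such as notcrowdstrike.com
    if not host.endswith(".crowdstrike.com"):
        raise ValueError("host is not under crowdstrike.com")
    return host[: -len(".com")]


def is_listed(base_url: str) -> bool:
    """True if the normalized base URL is one of the table's entries."""
    return "https://" + cloud_environment(base_url) + ".com" in KNOWN_BASE_URLS
```

A base URL that passes `cloud_environment` but fails `is_listed` is not necessarily wrong, because the table can lag behind CrowdStrike's own list; check it against the CrowdStrike Falcon Wiki before using it.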
Adding global variables
Save time when you create integrations and run workflows by adding connection information as global variables.
- Click Configuration > General > Global Settings.
- Click Add new variable.
- Add the key value, which is the name of the variable.
- Enter the value.
- Save your changes.
The name of the key value is CrowdStrike Falcon.Api Domain.
To find out the value that you enter, see Table: CrowdStrike Cloud Environment values.
Important
The US Commercial Cloud URL, https://api.crowdstrike.com, has a limit of 100,000 assets when you run the extended integration for CrowdStrike assets. All other CrowdStrike Cloud environments have a limit of 10,000 assets.
Adding credentials
To authorize connections between Oomnitza and CrowdStrike Falcon, complete these steps.
Figure: Adding credentials for CrowdStrike
Make life easier and add your credentials to Oomnitza before you create the integration.
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward arrow > to select the integration.
- Enter your client credentials and any other additional information.
- Click Authenticate. You are prompted to log in to authorize your request.
- Click CREATE.
Add the information details
- Click the AUTHORIZATION tab.
- Ensure that OAuth 2.0 is selected as the Authorization type.
- Ensure that Crowdstrike Falcon is selected from the SaaS list.
- In the CrowdStrike Cloud Environment field, enter the highlighted part of the base URL for your region. If the base URL for your region is https://api.crowdstrike.com, enter api.crowdstrike.
- Enter your CrowdStrike Falcon client ID and secret.
- Click Authenticate.
- Click CREATE.
You use the credentials that you added to create and customize your CrowdStrike Falcon integrations with Oomnitza.