Best practice
For the integration with Oomnitza, create a dedicated user account.
To stream CrowdStrike Falcon network data into Oomnitza, you must add your CrowdStrike Falcon Client ID and Secret to the credentials vault in Oomnitza.
CrowdStrike OAuth credentials
To obtain your CrowdStrike Client ID and Secret, complete the following steps:
- Log in to the Falcon UI
- Navigate to Support > API Clients and Keys
- Click Add new API Client
- Enter a name.
- Select the Hosts (Read) and Host Groups (Read) scopes for the asset integration. If you plan to run any of the asset workflows, you need to also have Write access.
- Select the User management (Read) scope for the user integration and SaaS workflow. If you plan to run any of the following user workflows, you need to also have Write access: CrowdStrike Change User Name, CrowdStrike Change User Roles, CrowdStrike Delete User, and CrowdStrike Remove User Role.
- Click Save. Copy the Base URL, Client ID, and Secret values.
For further information, refer to the CrowdStrike Blog: Getting access to the CrowdStrike API
Don't forget to keep the Client ID and Client Secret that you created. You'll need this information to add credentials to Oomnitza.
CrowdStrike API Domain
You'll also need the current base URL, which is region specific. You can obtain this when generating your Client ID and Secret, or by referring to the list below.
- US Commercial Cloud: https://api.crowdstrike.com
- US Commercial Cloud 2: https://api.us-2.crowdstrike.com
- US GovCloud: https://api.laggar.gcw.crowdstrike.com
- Europe: https://api.eu-1.crowdstrike.com
In Oomnitza, make sure you enter the highlighted part of the URL (the part between https:// and .com) when you add credentials to the vault and when creating the global variable. For example, if your instance of CrowdStrike Falcon is located in Europe, you enter api.eu-1.crowdstrike from the URL https://api.eu-1.crowdstrike.com.
Important
Please note that the US Commercial Cloud URL (https://api.crowdstrike.com) has a limit of 100,000 assets when running the extended integration for CrowdStrike assets. Any other CrowdStrike Cloud environment that you specify has a limit of 10,000.
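The Client ID, Secret and region value can be checked outside Oomnitza before they go into the vault. The following Python script is an added example, not Oomnitza or CrowdStrike code: it reduces a pasted base URL to the region value from the list above, refuses to send the secret to any host not on that list, then requests a token from the Falcon API and runs one read-only Hosts query. The environment variable names are assumptions.

```python
import json, os, urllib.error, urllib.parse, urllib.request

# Region values from the list on this page (the part between "https://" and ".com").
KNOWN_DOMAINS = {"api.crowdstrike", "api.us-2.crowdstrike",
                 "api.laggar.gcw.crowdstrike", "api.eu-1.crowdstrike"}

def api_domain(value):
    """Reduce a pasted base URL to the vault value, e.g. 'api.eu-1.crowdstrike'."""
    v = value.strip().lower()
    host = urllib.parse.urlsplit(v if "//" in v else "//" + v).hostname or ""
    domain = host[:-len(".com")] if host.endswith(".com") else host
    if domain not in KNOWN_DOMAINS:  # never send the secret to an unlisted host
        raise ValueError(f"not a CrowdStrike API domain from the list: {value!r}")
    return domain

def base_url(value):
    return f"https://{api_domain(value)}.com"

def _call(request):
    """Return (HTTP status, parsed JSON body); HTTP errors become a status code."""
    try:
        with urllib.request.urlopen(request, timeout=15) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}

def check_credentials(value, client_id, secret):
    """Request a token, then run one read-only Hosts query to confirm the scope."""
    root = base_url(value)
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": secret})
    _, body = _call(urllib.request.Request(root + "/oauth2/token", data=form.encode()))
    token = body.get("access_token")
    if not token:
        return {"token": False, "hosts_read": False}
    query = urllib.request.Request(root + "/devices/queries/devices/v1?limit=1",
                                   headers={"Authorization": f"Bearer {token}"})
    status, _ = _call(query)
    # Anything other than 200 here: recheck the Hosts (Read) scope on the API client.
    return {"token": True, "hosts_read": status == 200}

if __name__ == "__main__":
    # Assumed variable names; export them in the shell rather than hard-coding secrets.
    print(check_credentials(os.environ["FALCON_API_DOMAIN"],
                            os.environ["FALCON_CLIENT_ID"],
                            os.environ["FALCON_CLIENT_SECRET"]))
```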
Add CrowdStrike Falcon credentials to Oomnitza
To authorize connections between Oomnitza and CrowdStrike Falcon, complete these steps:
- In Oomnitza, click Configuration > Security > Credentials.
- Click Add new credential (+).
- Search for the integration, and then click the forward button > to select the integration.
- Enter your client credentials and any other additional information.
- Click Authenticate. You are prompted to log in to authorize your request.
- Click CREATE.
Information
If the integration is not listed, click Advanced Mode, and add your credentials.
- Add the information details.
- Click the AUTHORIZATION tab.
- Ensure that OAuth 2.0 is selected as the Authorization type.
- Ensure that Crowdstrike Falcon is selected from the SaaS list.
- In the CrowdStrike Cloud Environment field, enter the highlighted part of the base URL for your region. For example, if your region is US Commercial Cloud, you enter api.crowdstrike from this URL: https://api.crowdstrike.com
- Enter your CrowdStrike Falcon client ID and secret.
- Click Authenticate.
- Click CREATE.
You use the credentials that you added to create and customize your CrowdStrike Falcon integrations with Oomnitza.
Add the CrowdStrike Falcon API Domain to global settings
To save time entering information when you integrate CrowdStrike Falcon, you can add the value for your cloud environment as a global variable in Oomnitza.
- In Oomnitza, click Configuration > General > Global Settings.
- Click Add new variable (+).
- Enter CrowdStrike Falcon.Api Domain as the variable name.
- Enter the value, for example, api.crowdstrike
- Click SAVE.