Skip to main content
Sign in

Creating an extended integration for CrowdStrike users

  • August 17, 2023 15:07
  • Updated

Let Oomnitza be your single source of truth!

You'll get visibility of your CrowdStrike users as data from CrowdStrike is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and CrowdStrike in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key user information
  • Configurable reports to share information about users with your colleagues and management
  • Workflows for changing user names
  • Workflows for changing and removing user roles
  • Workflows for deleting users
  • Workflows for getting a SaaS user role

Before you start

Before you can create the integration with Oomnitza, you need to have added your CrowdStrike credentials to Oomnitza and added the value for your cloud environment as a global variable. For further information, refer to Adding your CrowdStrike credentials to Oomnitza.

Important
The required API SCOPES to get users from CrowdStrike Falcon to Oomnitza are: Read for User managementYou need to select Write for User management to run any of the following workflows: CrowdStrike Change User Name, CrowdStrike Change User Roles, CrowdStrike Delete User, and CrowdStrike Remove User Role.

Creating the user integration

  1. In Oomnitza, click Configuration>Integrations>Overview.
  2. Click Block view block_view.PNG.
  3. On the Integrations page, scroll down to the Extended section for user integrations.
  4. Click NEW INTEGRATION.
  5. Search for the integration in the sidebar.
  6. Click ADD.

Integration Overview

Before you start

More information is provided about the following fields to help you complete the integration:

Integration preferences: By default, the option Create & Update is selected, which allows for editing existing user records and adding new ones. If your goal is only to edit existing user records, choose Update Only. On the other hand, if you only want to add new records, select Create Only.

User selection: Select User only to create user records and add them to the People object.  Select User plus SaaS User to create and add user records to the Software > SaaS object. Once your users are created in the SaaS menu, you can create SaaS user workflows to validate the existence of a given user in a SaaS system and to pull role information from your SaaS System. For steps see Creating SaaS user workflows.

When you select User plus SaaS User and you have multiple instances of the same SaaS, you can choose your SaaS instance from the dropdown. If you have a single instance of the SaaS, your instance is already detected by the system.

Integration details

Procedure
To review or update the integrations details, click Edit edit_black_pencil_icon.svg:

  1. Update the integration name if necessary. 
  2. From the User Selection list, select an option. 
  3. For installation type decide whether you want to store the credentials locally or in Oomnitza:
    1. Select Local if you want to store credentials locally.This mode does not support OAuth or AWS.
    2. Select Cloud if you want to store credentials in your Oomnitza instance.
  4. For integration preferences, select an option.
  5. Enter the name of the integration user.

Credential details

Choose one of the following options:

  • Select the credentials that were created for the integration.
  • Edit the credentials that were created for the integration.
  • Create new credentials

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Click Edit edit_black_pencil_icon.svg.
  2. Configure your schedule.
  3. Click Update.

Mappings

To map the fields to Oomnitza, click Edit edit_black_pencil_icon.svg:.

Complete these actions:

  1. Click Smart Mapping to automatically detect appropriate mapping fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
  2. Create a custom mapping for the CrowdStrike User ID. Complete the following steps:
    1. Click the down arrow on the UUID field.
    2. Select Add new Oomnitza users field.
    3. Change the name of the field to CrowdStrike User ID.
    4. Select the Unique checkbox.
    5. Click CREATE
  3. Ensure that the Email is mapped to the
    1. Username field on the Oomnitza side (required for integration).
    2. Email field on the Oomnitza side (required for integration).
  4. Select the Role field on the Oomnitza mapping side.
  5. Choose a suitable role from the list (a defined role is necessary for the integration)
  6. Assign a sync key to a unique field, such as the Email.
  7. Click UPDATE.

Tracking information for user loads 

When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:   

  • Connect: Credentials
  • Connect: CrowdStrike Cloud Environment

Standard CrowdStrike to Oomnitza User Load mappings

  • Connector Sync Time
  • Customer ID
  • Email
  • First Name
  • Last Name
  • UUID

Did you know? 
You can define rules for your integration by selecting Edit integration edit_integration.svg on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  

You can add new fields to your integration by selecting Add new field  add_grey_rectangel_icon.svg on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Launching the integration

Your integration is in Draft mode until all the required mandatory fields are added. Once you have added all of the required fields, select Launch to activate your integration. 

small_blue_link.svg If you selected Cloud as the installation type when creating the integration, refer to Running an extended integration

small_blue_link.svg If you selected Local as the installation type when creating the integration, refer to Running an extended integration locally.

Getting your results
To view the information that is collected about your assets, click Assets. To view the information about software, click the Software tab.  
To view the information that is collected about your users, click People. If you selected User plus SaaS User when running the user integration, you can also find a list of users in the Software > SaaS menu

Related Links

Create user workflows

To reduce costs by automating repetitive and complex tasks, take advantage of the built-in presets for assets.

To add a preset to a workflow, complete these steps:

  1. Click Configuration > Workflows 
  2. Click Add (+) and select People from the list.
  3. Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to Schedule and add a rule so that the Email Equals <EmployeeEmail> you can trigger a workflow to fetch a user matching a certain name on a specific date. Refer to Using the Begin block. 
  4. Drag and drop the API block onto the Sandbox.
  5. Click Edit on the API block and enter CrowdStrike in the search field. 
  6. Select a preset from the list below. To choose a preset, click the forward arrow (>).
    • CrowdStrike Change User Name
    • CrowdStrike Change User Roles
    • CrowdStrike Delete User
    • CrowdStrike Remove User Role
  7. Select the credentials that you created in Adding your CrowdStrike credentials to Oomnitza.
  8. Enter any mandatory information when prompted.
  9. Select Advanced Mode.
  10. Select the Information tab. You will notice that the User ID is referenced in the property {{crowdstrike_user_id}}. Follow the mapping steps when creating the user integration so that this property exists in Oomnitza and is populated with information before you run this workflow.
  11. Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields.
  12. Connect the Blocks. 
  13. Validate, launch, and save your workflow.

Reference articles for workflows

Create SaaS user workflows

You can create a Saas User workflow in Oomnitza using the CrowdStrike User Role preset. You can use this preset to get the Role information of all users in a CrowdStrike instance.

Prerequisites

Before you create a SaaS user workflow, you should have already run your extended user integration and selected User plus SaaS User to populate the Crowdstrike software entry in the Software > SaaS menu.

To create a Saas User workflow using the CrowdStrike Role preset, complete the following steps:

  1. Click Configuration > Workflows > Saas Users from the menu.
  2. Click Add (+). The Begin and End blocks are automatically added to the sandbox.
  3. Enter the name and a description of the workflow. 
  4. Edit the Begin block by adding the rules that will trigger the workflow. For further information see SaaS User Roles.
  5. Click the Blocks tab, and drag and drop the SaaS User Role retrieval block onto the canvas.
  6. Click the Edit icon.
  7. Enter CrowdStrike in the search field and choose the CrowdStrike User Role preset.
  8. Click the right arrow >.
  9. Enter your Credentials.
  10. Select the Deactivate User checkbox to deactivate the SaaS user in SaaS > Crowdstrike > Users if they are not found in your Crowdstrike instance.
  11. Click SAVE.
  12. Connect the blocks.
  13. Validate, launch, and save your workflow.

To view active CrowdStrike users in the SaaS Users UI, complete the following steps:

  1. Click Software from the menu.
  2. Select the Saas tab, and select your software entry for CrowdStrike.
  3. Click Users in the side pane.
  4. The Role column will be populated to confirm that this user has been found in your CrowdStrike SaaS. 

Reference articles for creating workflows

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

  • Configure dashboards for your users and software
  • Configure custom reports about your users and software
  • Create workflows to automate tasks

See Getting started for more information.

Related articles

Comments

0 comments

Please sign in to leave a comment.