If you're having trouble at any stage please contact us at support@skyformation.com. 

Preface

The goal of this guide is to add a new SkyFormation's CrowdStrike Cloud App Connector to your SkyFormation Platform.

Prerequisites

- Only available for paying customer with the Falcon Insight and Falcon Prevent products 

- The connector uses the Falcon Streaming API which are disabled by default.

To obtain an API key and UUID, you must have admin privileges in the Falcon UI.

Sign in to the Falcon UI and navigate to the People App > Customer tab. Note that the People App is only visible to admins.
Click “Reset API Key” (Note that any previous API key will be invalidated).
Copy the API key and UUID for safe keeping.

(Origin: CrowdStrike guide - 

https://www.crowdstrike.com/blog/tech-center/get-access-crowdstrike-apis/)

 Note: These credentials are different than the Query API and Threat Graph API credentials

- When coming to on-board the connector make sure the below information is available for you

1. UUID
   Unique ID provided to you by *CrowdStrike support
   * You should ask support@crowdstrike.com for your organization's UUID
    
2. API-Key
   An API key provided to you by *CrowdStrike support

           * You should ask support@crowdstrike.com for your organization's API key

- Open the following services to be approachable from the SkyFormation machine:

   https://*.crowdstrike.com

On-board SkyFormation for CrowdStrike steps

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "CrowdStrike" 

You will see the below screen:

5. Fill in the following information:

 - Tenant (relevant only for the multi-tenant SkyFormation edition)
       Choose the tenant the new connector will be attached to.     

  - Account Name
       Give the custom connector a meaningful name for you.
      This will become your application connector name displayed in the SkyFormation platform and
      added to entire events sent to your SIEM system from this connector as an identifier. 

      Example: 
      "CrowdStrike-corp-endpoint-security"     

    - Description
      Add any text that describe the specific application and meaning for the business.

      Example:
      "Corp end-point security app"

    - UuId

      Unique ID provided to your organization by CrowdStrike support to use the API

      Example:
      da6e3d72-2f37-6241-9504-2307b710241g

  - API-Key

     A key provided to your organization by CrowdStrike support to use the API

     Example:
     FjhhMTAxY2EtNjY2Ni00AGQwLKhjMjQtNTYxYTdkMmJlYzU6 

6. Test the settings correctness 

    Press the "TEST CONNECTION" button

    If you see a green OK sign appears as above you have completed the onboard successfully.

- Click "SAVE" button

7. Start the new connector

    When a new cloud connector is added its default state is STOPPED.

    To start it press its START button. 

DONE !