If you're having trouble at any stage please contact us at email@example.com.
The goal of this guide is to add a new SkyFormation's CrowdStrike Cloud App Connector to your SkyFormation Platform.
- Only available for paying customer with the Falcon Insight and Falcon Prevent products
- The connector uses the Falcon Streaming API which are disabled by default.
To enable the API you must contact firstname.lastname@example.org and ask them for:
(1) enable your access to the API.
(2) Provide you with API-Key to use the API
(3) Provide you with a UUID (unique ID) to use the API (see below).
These credentials are different that the Query API and Threat Graph API credentials
- When coming to on-board the connector make sure ther below information is available for you
Unique ID provided to you by *CrowdStrike support
* You should ask email@example.com for your organization's UUID
An API key provided to you by *CrowdStrike support
* You should ask firstname.lastname@example.org for your organization's API key
- Open the following services to be approachable from the SkyFormation machine:
On-board SkyFormation for CrowdStrike steps
1. Logon to your SkyFormation Platform:
2. Navigate via left navigation panel to "Settings" section
3. Navigate via New Settings left navigation panel to "Accounts" section
4. Click the "Add Account" bottom
5. At the "SELECT SERVICE TO ADD" choose "CrowdStrike"
You will see the below screen:
5. Fill in the following information:
- Tenant (relevant only for the multi-tenant SkyFormation edition)
Choose the tenant the new connector will be attached to.
- Account Name
Give the custom connector a meaningful name for you.
This will become your application connector name displayed in the SkyFormation platform and
added to entire events sent to your SIEM system from this connector as an identifier.
Add any text that describe the specific application and meaning for the business.
"Corp end-point security app"
Unique ID provided to your organization by CrowdStrike support to use the API
A key provided to your organization by CrowdStrike support to use the API
6. Test the settings correctness
Press the "TEST CONNECTION" button
If you see a green OK sign appears as above you have completed the onboard successfully.
- Click "SAVE" button
7. Start the new connector
When a new cloud connector is added its default state is STOPPED.
To start it press its START button.