If you're having trouble at any stage please contact us at email@example.com.
The goal of this guide is to add a new SkyFormation CrowdStrike Cloud App Connector to your SkyFormation Platform.
- Only available for paying customers with the Falcon Insight and Falcon Prevent products.
- The connector uses the Falcon Streaming API, which is disabled by default.
To obtain an API key and UUID, you must have admin privileges in the Falcon UI.
Sign in to the Falcon UI and navigate to the People App > Customer tab. Note that the People App is only visible to admins.
Click “Reset API Key” (Note that any previous API key will be invalidated).
Copy the API key and UUID for safekeeping.
(Origin: CrowdStrike guide -
Note: These credentials are different from the Query API and Threat Graph API credentials.
- Before onboarding the connector, make sure the following information is available to you:
Unique ID provided to you by *CrowdStrike support
* You should ask firstname.lastname@example.org for your organization's UUID
An API key provided to you by *CrowdStrike support
* You should ask email@example.com for your organization's API key
- Make sure the following services are reachable from the SkyFormation machine:
On-board SkyFormation for CrowdStrike steps
1. Log on to your SkyFormation Platform:
2. Navigate via the left navigation panel to the "Settings" section
3. Navigate via the New Settings left navigation panel to the "Accounts" section
4. Click the "Add Account" button
5. At "SELECT SERVICE TO ADD", choose "CrowdStrike"
You will see the below screen:
5. Fill in the following information:
- Tenant (relevant only for the multi-tenant SkyFormation edition)
Choose the tenant the new connector will be attached to.
- Account Name
Give the custom connector a name that is meaningful to you.
This will become your application connector name displayed in the SkyFormation platform and
added as an identifier to every event sent to your SIEM system from this connector.
Add any text that describes the specific application and its meaning for the business.
"Corp end-point security app"
Unique ID provided to your organization by CrowdStrike support to use the API
A key provided to your organization by CrowdStrike support to use the API
6. Test that the settings are correct
Press the "TEST CONNECTION" button
If a green OK sign appears as above, you have completed the onboarding successfully.
- Click the "SAVE" button
7. Start the new connector
When a new cloud connector is added, its default state is STOPPED.
To start it, press its START button.