Articles in this section

See more

Adding CrowdStrike Falcon Connector to Skyformation Platform

Avatar
Nadav Lavy (Greenberg)
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

The goal of this guide is to add a new SkyFormation's CrowdStrike Cloud App Connector to your SkyFormation Platform.

Prerequisites

- Only available for paying customer with the Falcon Insight and Falcon Prevent products 

- The connector uses the Falcon Streaming API which are disabled by default.
  To enable the API you must contact support@crowdstrike.com and ask them for:
  (1) enable your access to the API.
  (2) Provide you with API-Key to use the API
  (3) Provide you with a UUID (unique ID) to use the API (see below).

  These credentials are different that the Query API and Threat Graph API credentials

- When coming to on-board the connector make sure ther below information is available for you

  1. UUID
    Unique ID provided to you by *CrowdStrike support
    * You should ask support@crowdstrike.com for your organization's UUID
     
  2. API-Key
    An API key provided to you by *CrowdStrike support

           * You should ask support@crowdstrike.com for your organization's API key

- Open the following services to be approachable from the SkyFormation machine:

   https://*.crowdstrike.com

On-board SkyFormation for CrowdStrike steps

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "CrowdStrike" 

You will see the below screen:

crowdstrike_service-account_parameters.png

5. Fill in the following information:

 - Tenant (relevant only for the multi-tenant SkyFormation edition)
       Choose the tenant the new connector will be attached to.     

  - Account Name
       Give the custom connector a meaningful name for you.
      This will become your application connector name displayed in the SkyFormation platform and
      added to entire events sent to your SIEM system from this connector as an identifier. 

      Example: 
      "CrowdStrike-corp-endpoint-security"     

    - Description
      Add any text that describe the specific application and meaning for the business.

      Example:
      "Corp end-point security app"

    - UuId

      Unique ID provided to your organization by CrowdStrike support to use the API

      Example:
      da6e3d72-2f37-6241-9504-2307b710241g

  - API-Key

     A key provided to your organization by CrowdStrike support to use the API

     Example:
     FjhhMTAxY2EtNjY2Ni00AGQwLKhjMjQtNTYxYTdkMmJlYzU6 

6. Test the settings correctness 

    Press the "TEST CONNECTION" button

     test_connection_success.png 

    If you see a green OK sign appears as above you have completed the onboard successfully.

 

- Click "SAVE" button

 

7. Start the new connector

    When a new cloud connector is added its default state is STOPPED.

    To start it press its START button. 


 

DONE ! 

 

Related articles

Comments

1 comment

Sort by Date Votes
  • Avatar
    Andrew Powell

    1. Logon to your SkyFormation Platform:

    2. Navigate via left navigation panel to "Settings" section

     

    Um, where's this "left navigation panel"? I've tried in IE, Firefox, Chrome...no left nav.

    0
    Permalink

Please sign in to leave a comment.