Elisity supports simple API connectivity to CrowdStrike as a method to enrich device discovery and identity. This allows data from CrowdStrike to be pulled into IdentityGraph for use as Core Effective Attributes when creating policies, enhancing the precision and accuracy of device classification and Policy Group matching. It also presents additional detail about the asset and agent such as ZTNA Scores and versioning.
Prerequisites
- CrowdStrike API URL
- CrowdStrike API Client ID
- CrowdStrike API Client Key
Steps to Connect CrowdStrike
Step 1. Create a CrowdStrike API Client and API Secret Key by following the directions below or by reading the CrowdStrike documentation here.
a) Log into the Falcon portal and navigate to Support and Resources > API Clients and Keys.
b) Select the Create API Client button.
c) In the Create API Client window define a Client Name (any name you want) and a description (optional). Elisity only needs Read access to the following CrowdStrike API Scopes:
- Hosts
- Assets
- Zero Trust Assessment
Once you are done, select the Create button.
d) You will be presented with the CrowdStrike API URL, Client ID and Client Key. Copy these as they will be required in the next steps to configure the Cloud Control Center CrowdStrike connector.
Step 2. Log into Elisity Cloud Control Center, navigate to Settings > Connectors, and select the + Add Connector button.
Step 3. A list of tiles will slide out from the right side of the screen. Select configure on the CrowdStrike connector.
Step 4. Input the API URL, the Client ID, and the Client Secret you generated in the first step, then select Submit.
Step 5 (optional). Configure advanced settings for the CrowdStrike connector.
The following chart provides details about each advanced setting:
| Setting | Description |
| --- | --- |
| Global Timer | The frequency at which Cloud Control Center queries CrowdStrike for updates. From 1 to 168 hours. Default is 24 hours. |
| Initial Delay | The delay in seconds before Cloud Control Center initiates the first query to CrowdStrike after initially discovering a new device. Default is 180 seconds. |
Step 6. If all of the required connector values are correct, all checks will pass and the connector will be created.
After successful configuration, you should begin to see devices enriched by CrowdStrike in IdentityGraph.
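If the connector checks in Step 6 fail, a pre-flight check such as the one below can show whether the credentials themselves are rejected or a Read scope from Step 1 is missing. This is an added example, not Elisity or CrowdStrike code; the function names and the per-scope probe paths are assumptions to confirm against the CrowdStrike API reference.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed read-only probe paths, one per scope the connector needs; confirm
# each against the CrowdStrike API reference before relying on the result.
PROBES = {
    "Hosts": "/devices/queries/devices/v1?limit=1",
    "Assets": "/discover/queries/hosts/v1?limit=1",
    "Zero Trust Assessment": "/zero-trust-assessment/entities/audit/v1",
}

def http_call(method, url, headers, body=None):
    """Default transport: returns (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}

def preflight(api_url, client_id, client_secret, call=http_call):
    """Return {check: 'ok' | 'denied' | 'error <status>'} for token and scopes."""
    base = api_url.rstrip("/")
    if not base.startswith("https://"):
        # Never send the client secret over an unencrypted connection.
        raise ValueError("API URL must use https")
    form = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    status, body = call("POST", base + "/oauth2/token",
                        {"Content-Type": "application/x-www-form-urlencoded"}, form)
    token = body.get("access_token")
    if status not in (200, 201) or not token:
        return {"token": f"error {status}"}
    results = {"token": "ok"}
    auth = {"Authorization": "Bearer " + token}
    for scope, path in PROBES.items():
        status, _ = call("GET", base + path, auth)
        results[scope] = ("ok" if status == 200
                          else "denied" if status == 403
                          else f"error {status}")
    return results
```

Call `preflight()` with the API URL, Client ID and Client Key copied in Step 1; a `denied` entry names the scope that still needs Read access on the API client.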
Leveraging CrowdStrike with Elisity
When Elisity discovers a new asset on the network and the CrowdStrike connector is active, Cloud Control Center queries the CrowdStrike platform via API for additional device attributes in order to enrich IdentityGraph. This enriched data is displayed in the IdentityGraph tab of the device and can be leveraged as Elisity Core Effective Attributes for Policy Group definition.
To learn more about how to leverage IdentityGraph Core Effective Attributes, review the IdentityGraph article.
If a device discovered by Elisity is also known in CrowdStrike, the Trust Attribute flag for "Known in CrowdStrike" will be set to Yes. You can then leverage this trust attribute as match criteria in Policy Group definition.
To learn more about how to leverage IdentityGraph Trust Attributes, review the Leveraging Trust Attributes for Policy Group Definition article.