This article summarizes which device attributes can be enriched from our connector with CrowdStrike, and the benefits of using that enriched data in policy.
Our integration with CrowdStrike is intended to allow customers to use the most accurate device classifications in policy decisions. CrowdStrike, via its endpoint agent, collects and identifies device details and attributes. Elisity leverages its own network-based rapid device discovery mechanisms alongside CrowdStrike so that our customers' devices get the most appropriate policies applied in a timely manner.
When a new device is discovered by any of Elisity's methods, Cloud Control Center queries CrowdStrike using the following parameters until a match is found:
- IP + MAC
- DeviceID (MAC Address)
- IP Address fallback if MAC Address is not known
Engage Elisity support to modify the behavior of the above query order.
By default, a new query is made every 24 hours to check for updated device attributes; attributes can also be refreshed on demand by clicking the refresh button next to the IdentityGraph tile for CrowdStrike. Advanced settings for the query and initial delay timers can be configured. Any devices learned by Elisity before the Connector was configured are automatically scheduled for enrichment during the next 24-hour cycle, based on their attachment timestamp.
Attribute Mapping
The CrowdStrike Zero Trust Assessment integration retrieves the following device attributes from the CrowdStrike API. These attributes are available in IdentityGraph and can be used as Policy Group match criteria.
| CrowdStrike API Attribute | Elisity Attribute | Core Effective Attribute | Policy Group Match Criteria |
|---|---|---|---|
| device_id | (CrowdStrike) Device ID | — | Yes |
| agent_version | Agent Version | — | Yes |
| config_id_base | Base Config ID | — | Yes |
| config_id_build | Build Config ID | — | Yes |
| config_id_platform | Platform Config ID | — | Yes |
| serial_number | Serial Number | — | Yes |
| hostname | Hostname | Yes | Yes |
| os_version | Operating System, OS Version | Yes | Yes |
| product_type_desc | Type | Yes | Yes |
| system_manufacturer | Vendor | Yes | Yes |
| system_product_name | Model | Yes | Yes |
| tags | Tags | — | Yes |
| Overall ZTNA Score | Overall ZTNA Score | — | Yes |
| OS ZTNA Score | OS ZTNA Score | — | Yes |
| Version | Version | — | Yes |
| kernel_version | Kernel Version | — | Yes |
| os_build | OS Build | — | Yes |
| os_product_name | OS Product Name | — | Yes |
Core Effective Attributes are standard Elisity attributes that map consistently across multiple identity integrations. When CrowdStrike data maps to these attributes, you can build Policy Groups that work seamlessly regardless of which integration provides the data.
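The lookup order and the attribute mapping described above can be modelled offline to check which record a discovered device would match and which attributes it would gain. This is an added illustration, not Elisity or CrowdStrike code. Assumptions: the host-record fields `local_ip` and `mac_address`, the shape of the discovered-device dict, reading the second lookup as a MAC match, taking the first matching record, and the constructed sample hosts.

```python
import re

# Subset of the page's attribute table: API field -> (Elisity attribute, core effective?)
ATTR_MAP = {
    "hostname": ("Hostname", True),
    "product_type_desc": ("Type", True),
    "system_manufacturer": ("Vendor", True),
    "system_product_name": ("Model", True),
    "agent_version": ("Agent Version", False),
    "serial_number": ("Serial Number", False),
}

def norm_mac(mac):
    """Canonicalize a MAC (any separator or case) to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", (mac or "").lower())
    return digits if len(digits) == 12 else None

def match_host(device, hosts):
    """Apply the documented order; return (host, tier) or (None, None)."""
    ip, mac = device.get("ip"), norm_mac(device.get("mac"))
    # "local_ip" and "mac_address" are assumed host-record field names.
    same_ip = lambda h: ip is not None and h.get("local_ip") == ip
    same_mac = lambda h: mac is not None and norm_mac(h.get("mac_address")) == mac
    tiers = [("ip+mac", lambda h: same_ip(h) and same_mac(h)), ("mac", same_mac)]
    if mac is None:  # IP-only lookup is the fallback for an unknown MAC
        tiers.append(("ip", same_ip))
    for name, pred in tiers:
        for host in hosts:  # assumption: the first matching record wins
            if pred(host):
                return host, name
    return None, None

def enrich(host):
    """Map a matched host record to Elisity attribute names, flagging core ones."""
    return {elisity: {"value": host[api], "core_effective": core}
            for api, (elisity, core) in ATTR_MAP.items() if api in host}

# Constructed sample data (not real hosts).
HOSTS = [
    {"device_id": "example-id-1", "local_ip": "10.0.0.5", "mac_address": "AA-BB-CC-00-11-22",
     "hostname": "lab-ws-01", "system_manufacturer": "ExampleCorp", "agent_version": "0.0.0"},
    {"device_id": "example-id-2", "local_ip": "10.0.0.9", "mac_address": "aa-bb-cc-00-11-33",
     "hostname": "lab-ws-02"},
]
```

Recording the tier that produced the match lets a reviewer tell an IP + MAC match apart from an IP-only one when auditing why a device landed in a Policy Group.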