Admin Guide
Synapse-CrowdStrike Admin Guide
Configuration
Synapse-CrowdStrike requires a CrowdStrike OAuth2 API client. Falcon Administrators can manage or create new API clients from the API Clients and Keys page of the CrowdStrike console.
Setting the API base URL
By default, Synapse-CrowdStrike will use https://api.crowdstrike.com as the
base URL when making requests. If your integration is hosted on a different
cloud, use the crowstrike.setup.url command to set the base URL for your cloud.
> crowdstrike.setup.url https://api.us-2.crowdstrike.com
Setting CrowdStrike URL to https://api.us-2.crowdstrike.com for all users.
Setting an API client for global use
To set-up a global API client:
> crowdstrike.setup.client myclientid mysecret
Setting CrowdStrike API client configuration for all users.
Using per-user API clients
A user may set-up their own API client:
> crowdstrike.setup.client --self myclientid mysecret
Setting CrowdStrike API client configuration for the current user.
Dependencies
Synapse-CrowdStrike does not have any dependencies.
Permissions
Package (synapse-crowdstrike) defines the following permissions:
power-ups.crowdstrike.user : Controls user access to Synapse-CrowdStrike. ( default: false )
You may add rules to users/roles directly from Storm:
> auth.user.addrule visi power-ups.crowdstrike.user
Added rule power-ups.crowdstrike.user to user visi.
or:
> auth.role.addrule ninjas power-ups.crowdstrike.user
Added rule power-ups.crowdstrike.user to role ninjas.
Exported APIs
Synapse-CrowdStrike does not currently export any APIs.
Workflows
Synapse-CrowdStrike provides the following workflows in Optic:
Title: Configuration
Node Actions
Synapse-CrowdStrike provides the following node actions in Optic:
Name : indicators.enrich
Desc : Enrich nodes with indicators data from CrowdStrike
Forms: file:base, file:bytes, file:path, hash:md5, hash:sha1, hash:sha256, inet:email, inet:fqdn, inet:ipv4, inet:passwd, inet:url, inet:user, it:dev:mutex, ps:name, tel:phone
Onload Events
Synapse-CrowdStrike does not use any onload events.