Introduction

OpsRamp’s CrowdStrike integration streamlines the discovery of CrowdStrike hosts and enables continuous event streaming directly from CrowdStrike. Once installed, the integration automatically starts streaming event data, providing real-time monitoring and visibility. These events are captured and displayed in the Infrastructure -> Logs section, offering a centralized view of security activities detected by CrowdStrike, which enhances proactive threat detection and management.

Retrieve Credentials from CrowdStrike Console

  1. Log in to the CrowdStrike console using your credentials.

  2. Click on your profile icon in the top-right corner.

  3. In the profile section, locate the Customer ID (CID).
    Copy this Customer ID (CID), as you will need to enter it as the Customer ID in OpsRamp.

  4. Click the menu icon and navigate to Support and Resources -> API Clients and Keys.

  5. Click Create API Client.

  6. When prompted, provide full read access for all scopes and click Create.

  7. Once the API client is created, copy the Client ID and Client Secret, as these will be required during OpsRamp integration.

  8. During the creation of the API client, you will receive a Base URL.

  9. Use this Base URL to determine the correct region when configuring the integration in OpsRamp. Refer to the list below for region-specific URLs:

    • US-1: https://api.crowdstrike.com
    • US-2: https://api.us-2.crowdstrike.com
    • EU-1: https://api.eu-1.crowdstrike.com
    • US-GOV-1: https://api.laggar.gcw.crowdstrike.com
    • US-GOV-2: https://api.us-gov-2.crowdstrike.mil
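
A pre-flight check for step 9, as an added example that is not part of OpsRamp's or CrowdStrike's own code: it maps a Base URL to its region only when the URL is exactly one of the endpoints listed above, so a mistyped or lookalike host is never mapped to a region. The function name region_for_base_url and the sample inputs are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Region table copied from the list above.
REGION_BASE_URLS = {
    "US-1": "https://api.crowdstrike.com",
    "US-2": "https://api.us-2.crowdstrike.com",
    "EU-1": "https://api.eu-1.crowdstrike.com",
    "US-GOV-1": "https://api.laggar.gcw.crowdstrike.com",
    "US-GOV-2": "https://api.us-gov-2.crowdstrike.mil",
}
# Exact hostname -> region; no suffix or substring matching.
_HOST_TO_REGION = {urlsplit(u).hostname: r for r, u in REGION_BASE_URLS.items()}


def region_for_base_url(base_url: str) -> str:
    """Return the region for a Base URL (hypothetical helper).

    Raises ValueError unless the URL is exactly one of the listed endpoints.
    """
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https":
        raise ValueError("Base URL must use https")
    # "https://api.crowdstrike.com@other.host" puts the real host after '@'.
    if parts.username is not None or parts.password is not None:
        raise ValueError("Base URL must not contain user info")
    if parts.port not in (None, 443):  # .port itself raises ValueError if malformed
        raise ValueError("unexpected port in Base URL")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("Base URL must not carry a path, query or fragment")
    host = parts.hostname or ""  # urlsplit lowercases the hostname
    if host not in _HOST_TO_REGION:
        raise ValueError(f"{host!r} is not a listed CrowdStrike API host")
    return _HOST_TO_REGION[host]


if __name__ == "__main__":
    # Constructed sample inputs; the last three are deliberately wrong.
    for url in (
        "https://api.us-2.crowdstrike.com",
        "HTTPS://API.EU-1.CrowdStrike.com/",
        "http://api.crowdstrike.com",
        "https://api.crowdstrike.com.evil.example",
        "https://api.crowdstrike.com@evil.example",
    ):
        try:
            print(f"{url} -> {region_for_base_url(url)}")
        except ValueError as err:
            print(f"{url} -> rejected: {err}")
```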

Configure the Integration

  1. From All Clients, select a client.

  2. Navigate to Setup > Account.

  3. Select the Integrations tab.

  4. The Installed Integrations page appears, displaying all the installed applications.
    Note: If there are no installed applications, it will navigate to the ADD APP page.

  5. Click + ADD on the Installed Integrations page. The Available Integrations page displays all the available applications, along with the newly created application and its version.
    Note: You can also search for the application using the search option, or use the All Categories option to search.

  6. Click ADD under CrowdStrike.

  7. In the ADD CROWDSTRIKE page, enter your account information:

    Field               Description
    Name                (required) User-defined, descriptive integration name.
    Customer ID         (required) Enter the Customer ID saved during Retrieve Credentials from CrowdStrike Console.
    Client ID           (required) Enter the Client ID saved during Retrieve Credentials from CrowdStrike Console.
    Secret Key          (required) Enter the Client Secret saved during Retrieve Credentials from CrowdStrike Console.
    Confirm Secret Key  (required) Re-enter the client secret.
    Region              (required) Select region.

  8. Click Next.

  9. In the RESOURCE TYPE section, select:

    • ALL: All the existing and future resources will be discovered.
    • SELECT: You can select one or multiple resources to be discovered.
  10. In the DISCOVERY SCHEDULE section, select Recurrence Pattern to add one of the following patterns:

    • Minutes
    • Hourly
    • Daily
    • Weekly
    • Monthly
  11. Click FINISH.
    The application is now installed and displayed on the Installed Integrations page. Use the search field to find the installed application.

  1. After you configure the integration, you can view the CrowdStrike metrics on the Infrastructure page.
  2. You can view the CrowdStrike integration logs in OpsRamp by navigating to the Infrastructure -> Logs page and applying the filter source = CrowdStrike.