CrowdStrike

Attach partner account

To attach a CrowdStrike account to Prelude, you will need:

  • A CrowdStrike API key

In CrowdStrike

Create API Key

Open the CrowdStrike navigation bar and select Support and resource > API clients and keys.

Generate a new API key with the following permissions:

Base Integration

  • Hosts - Read
  • Prevention policies - Read
  • Custom IOA rules - Read, Write
  • App Logs - Read, Write
  • Reports (Falcon Intelligence) - Read

Probe deployment

Probe deployment requires these additional API client permissions:

  • Real time response - Read, Write
  • Real time response (admin) - Write

IOA Creation

  • Custom IOA Rules - Read, Write
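
The permission lists above can be compared with what an existing API client actually holds, so that missing and unneeded grants are both visible. The following Python is an added example, not Prelude or CrowdStrike code: the capability keys (base, probe_deployment, ioa_creation), the function names and the sample grants are assumptions for illustration, and the granted scopes are entered by hand rather than fetched from any API.

```python
# Added example: required grants are transcribed from the permission lists on this page.
REQUIRED = {
    "base": {
        "Hosts": {"read"},
        "Prevention policies": {"read"},
        "Custom IOA rules": {"read", "write"},
        "App Logs": {"read", "write"},
        "Reports (Falcon Intelligence)": {"read"},
    },
    "probe_deployment": {
        "Real time response": {"read", "write"},
        "Real time response (admin)": {"write"},
    },
    "ioa_creation": {"Custom IOA Rules": {"read", "write"}},
}

def _norm(grants):
    """Lower-case scope names and access levels so 'Custom IOA rules' == 'Custom IOA Rules'."""
    out = {}
    for scope, access in grants.items():
        out.setdefault(scope.strip().lower(), set()).update(a.lower() for a in access)
    return out

def needed(capabilities):
    """Union of grants for the chosen capabilities; 'base' is always included."""
    merged = {}
    for cap in {"base", *capabilities}:
        for scope, access in _norm(REQUIRED[cap]).items():
            merged.setdefault(scope, set()).update(access)
    return merged

def audit(granted, capabilities):
    """Return (missing, excess) as {scope: access levels} against the needed set."""
    want, have = needed(capabilities), _norm(granted)
    missing = {s: a - have.get(s, set()) for s, a in want.items() if a - have.get(s, set())}
    excess = {s: a - want.get(s, set()) for s, a in have.items() if a - want.get(s, set())}
    return missing, excess

# Constructed sample: grants as an administrator might copy them from the API client's details.
SAMPLE_GRANTED = {
    "Hosts": ["Read", "Write"],
    "Prevention policies": ["Read"],
    "Custom IOA Rules": ["Read", "Write"],
    "App Logs": ["Read"],
    "Reports (Falcon Intelligence)": ["Read"],
    "Real time response (admin)": ["Write"],
}
if __name__ == "__main__":
    print(audit(SAMPLE_GRANTED, ["ioa_creation"]))
```

An excess entry for a Real time response scope on a client that is not used for probe deployment is the finding to act on first, since those scopes allow scripts to be put and run on hosts.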

Included capabilities

The CrowdStrike integration enables administrators to quickly deploy Prelude Detect probes to CrowdStrike hosts, create custom IOA detections, pivot to test detection, and review protection levels of specific CrowdStrike Prevention Policies.

CrowdStrike Setup

In the CrowdStrike console, navigate to Host setup and management and then response policies. Each operating platform has its own policy; the following must be enabled for each target operating system:

  • Custom Scripts
  • put
  • run
  • put and run

Probe deployment

  1. Click + Add a Probe
  2. Click Deploy using Crowdstrike
  3. Select target OS Platform
  4. Select a number of target endpoints or Select All
  5. Deploy and review results