CrowdStrike
Attach partner account
To attach a CrowdStrike account to Prelude, you will need:
- A CrowdStrike API key
In CrowdStrike
Create API Key
Open the CrowdStrike navigation bar and select Support and resource > API clients and keys.
Generate a new API key with the following permissions:
Base Integration
- Hosts - Read
- Prevention policies - Read
- Custom IOA rules - Read, Write
- App Logs - Read, Write
- Reports (Falcon Intelligence) - Read
Probe deployment
Probe deployment requires these additional API client permissions:
- Real time response - Read, Write
- Real time response (admin) - Write
IOA Creation
- Custom IOA Rules - Read, Write
Included capabilities
The CrowdStrike integration enables administrators to quickly deploy Prelude Detect probes to CrowdStrike hosts, create custom IOA detections, pivot to test detection, and review protection levels of specific CrowdStrike Prevention Policies.
CrowdStrike Setup
In the CrowdStrike console, navigate to Host setup and management and then response policies. Each operating platform will have a policy. The following need to be enabled in the policy for each target operating system:
- Custom Scripts
- put
- run
- put and run
Probe deployment
- Click + Add a Probe
- Click Deploy using Crowdstrike
- Select target OS Platform
- Select a number of target endpoints or Select All
- Deploy and review results
Updated 5 months ago