The CrowdStrike connector lets you use CrowdStrike to improve authentication security in your PingOne DaVinci flow.
CrowdStrike protects the people, processes and technologies that drive the modern enterprise. It is a single-agent solution to stop breaches, ransomware, and cyber attacks, powered by world-class security expertise and deep industry experience.
You can use the CrowdStrike connector to:
- Check whether a device is managed by CrowdStrike
- List the devices associated with a username or IP address
- Get the incident scores for a device
- Get the CrowdStrike scores from multiple incidents
- Get the CrowdStrike Zero Trust Assessment scores for a device
- Get the CrowdScore for an environment
- Manage quarantined devices
Setup
Resources
For information and setup help, see the following documentation:
- CrowdStrike documentation
- DaVinci documentation
Requirements
To use the connector, you'll need:
- A CrowdStrike license
Setting up CrowdStrike
Follow the steps in Creating an API client:
- Select the following API scopes (scope: permissions):
  - Hosts: Read, Write
  - Falcon Discover: Read
  - Incidents: Read
  - Zero Trust Assessment: Read
  The Write permission on Hosts is what allows the connector to apply and lift network containment. If your flows never use the Set Containment on Devices and Lift Containment on Devices capabilities, grant Hosts: Read only.
- Record your client ID and secret. You'll use them in the connector configuration. Treat the secret like any other credential: store it only in the connector configuration, not in flow variables or logs.
Configuring the CrowdStrike connector
Add the connector in DaVinci as shown in Adding a connector, then fill in the connector configuration properties listed below.
Connector configuration
CrowdStrike Base URL
Client ID
Client Secret
Using the connector in a flow
Getting device details
The Get Device Details capability allows you to get detailed information about one or more devices.
In the Device IDs field, you can click {} and select the deviceIds variable from a Get Devices from Logins node.
Getting device management status
The Check Device Status by Device ID and Check Device Status by IP capabilities identify whether or not a device is managed by CrowdStrike.
No special flow configuration is needed. Add the capability and populate its properties according to the help text.
Quarantining devices
You can quarantine a device by applying CrowdStrike Network Containment on the device ID with the Set Containment on Devices capability. Containment isolates the host from the network (it keeps only its connection to the Falcon cloud), so gate this capability behind a confirmed risk signal such as a high incident score rather than applying it on every failed check.
When you determine a device is safe, you can remove the quarantine with the Lift Containment on Devices capability.
In the Device IDs field, you can click {} and select the deviceIds variable from a Get Devices from Logins node.
Getting incident scores
The Get Incident Scores capability lets you find out the highest incident score from a list of incident IDs. In the Incident IDs field, you can click {} and select the incidentIds variable from a Get Incidents from Logins node.
The Get Incident Scores by Device ID capability lets you find out the highest incident score for a particular device. In the Device ID field, you can click {} and select a variable from your flow that includes the device ID.
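The capabilities above only fetch signals; the flow still has to turn them into an authentication decision. The following Python is an added example, not part of this page or of the DaVinci connector, showing one way to combine the management check, the Zero Trust Assessment score and the maximum incident score for every device tied to a login, failing closed when a device is unmanaged or no device matched. The field names, score scales and thresholds (zta_min, contain_at) are assumptions for illustration, not CrowdStrike API fields; the sample devices are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed inputs standing in for the flow variables populated by
# Get Devices from Logins, Check Device Status, Get Zero Trust Assessment
# Scores from Devices and Get Incidents from Logins. Field names are
# assumptions for this example, not CrowdStrike API payload fields.
@dataclass
class DeviceFacts:
    device_id: str
    managed: bool                    # result of Check Device Status
    zta_score: Optional[int] = None  # assumed 0..100, higher is better; None = no assessment
    incident_scores: List[int] = field(default_factory=list)  # one score per incident


def max_incident_score(scores: List[int]) -> int:
    """Same reduction as Get Incident Scores: the highest score, 0 when there are none."""
    return max(scores, default=0)


def decide(facts: DeviceFacts, zta_min: int = 60, contain_at: int = 70) -> Tuple[str, list]:
    """Evaluate one device.

    Returns (outcome, actions): outcome is 'allow', 'step_up' or 'deny';
    actions lists connector capabilities the flow should call next.
    Thresholds are assumed values; tune them to your own score scales.
    """
    actions = []
    if not facts.managed:
        # No sensor means no telemetry. Absence of findings is not evidence of safety.
        return "deny", actions
    worst = max_incident_score(facts.incident_scores)
    if worst >= contain_at:
        # High-scoring incident: quarantine the host, then refuse the login.
        actions.append(("Set Containment on Devices", facts.device_id))
        return "deny", actions
    if facts.zta_score is None or facts.zta_score < zta_min:
        # Weak or missing posture assessment: require a second factor.
        return "step_up", actions
    return "allow", actions


def decide_for_login(devices: List[DeviceFacts], **thresholds) -> Tuple[str, list]:
    """A username or IP can map to several devices; keep the most restrictive outcome."""
    if not devices:
        return "deny", []  # nothing matched the login: fail closed
    rank = {"allow": 0, "step_up": 1, "deny": 2}
    worst, actions = "allow", []
    for dev in devices:
        outcome, acts = decide(dev, **thresholds)
        actions.extend(acts)
        if rank[outcome] > rank[worst]:
            worst = outcome
    return worst, actions


# Constructed sample devices for demonstration.
SAMPLE = [
    DeviceFacts("dev-managed-clean", True, 85, [10, 20]),
    DeviceFacts("dev-managed-hot", True, 90, [30, 72]),
    DeviceFacts("dev-unmanaged", False),
    DeviceFacts("dev-no-zta", True, None, []),
]

if __name__ == "__main__":
    for dev in SAMPLE:
        print(dev.device_id, decide(dev))
    print("login with two devices:", decide_for_login(SAMPLE[:2]))
```

The ordering of checks matters: containment is evaluated before the posture score so that a compromised host with a good Zero Trust Assessment score is still quarantined, and an unmanaged device is denied before any score is consulted because there is nothing to score.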
Capabilities
- Get Incident Score by Device ID: Get the maximum incident score from a single CrowdStrike device ID.
- Get Zero Trust Assessment Scores from Devices: Use a list of device IDs to get the most recent Zero Trust Assessment scores.
- Get Environment CrowdScore: Get the most recent CrowdScore for the CrowdStrike environment.
- Check Device Status by Device ID: Use the CrowdStrike device ID to check whether a device is managed by CrowdStrike.
- Check Device Status by IP: Use an IP address to check whether a device is managed by CrowdStrike.
- Get Devices from Logins: Get a list of device IDs from CrowdStrike logins that match a username, email address, or IP address.
- Get Device Details: Get device details for a list of device IDs.
- Get Incidents by IP: Use an IP address to get a list of incidents associated with the device.
- Get Incidents from Logins: Get a list of incidents from CrowdStrike logins that match a username, email address, or IP address.
- Get Incident Scores: Get the maximum incident score from a list of incident IDs.
- Set Containment on Devices: Apply CrowdStrike Network Containment on the device IDs.
- Lift Containment on Devices: Remove CrowdStrike Network Containment from the device IDs.