CrowdStrike Falcon Monitoring

Updated Jan 17, 2024

Configure CrowdStrike Falcon for Arctic Wolf monitoring

You can configure CrowdStrike Falcon® to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Create the API client.
  2. Provide your CrowdStrike Falcon credentials to Arctic Wolf.

Step 1: Create the API client

  1. Sign in to the CrowdStrike Falcon UI.

  2. In the Support tab, click API Clients and Keys.

  3. Click Add new API clients.

  4. Create a new API client.

    See the CrowdStrike Falcon documentation available in the CrowdStrike Falcon UI for more information.

  5. When selecting the scopes for the API client, select Read access for all scopes.

  6. Save these values in a safe, encrypted location. You will provide them to Arctic Wolf later:

    • API Hostname
    • API Client UUID
    • API Client Secret

      Note: The API Client Secret can be viewed only during API client creation. If you lose it before you provide it to Arctic Wolf, you must create a new API client to get a new API Client Secret.

Step 2: Provide credentials to Arctic Wolf

Note: If API credentials fail, for example due to expired credentials, Arctic Wolf notifies you and requests a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage. For more information, see MDR polling frequency.

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. In the Cloud services list, select CrowdStrike.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Client ID — Enter the appropriate value from Create the API client.

    • Client Secret — Enter the appropriate value from Create the API client.

    • API Hostname — Enter the appropriate value from Create the API client.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  7. Click Test and submit credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.
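
The 12-hour retrieval window from the note in Step 2 and the optional Credential Expiry setting can be tracked with a small script. This is an added example, not Arctic Wolf or CrowdStrike code. The account names, dates, the 7-day warning threshold, and the assumption that polling stops at expiry and resumes as soon as credentials are refreshed are all illustrative.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK = timedelta(hours=12)    # from the Step 2 note: only the previous 12 hours are retrievable
WARN_BEFORE = timedelta(days=7)   # assumption (not from the page): warn a week before expiry

def refresh_deadline(expiry):
    """Latest time refreshed credentials can be submitted without losing coverage."""
    return expiry + LOOKBACK

def coverage_gap(expiry, refreshed_at):
    """Return (start, end) of telemetry that cannot be backfilled, or None.
    Assumes polling stops at expiry and resumes at refreshed_at, reaching back LOOKBACK."""
    oldest_retrievable = refreshed_at - LOOKBACK
    if oldest_retrievable <= expiry:
        return None
    return (expiry, oldest_retrievable)

def audit(accounts, now):
    """Classify each (name, expiry) pair as if credentials were refreshed at `now`."""
    report = {}
    for name, expiry in accounts:
        if expiry.tzinfo is None:
            raise ValueError(f"{name}: expiry must be timezone-aware")
        gap = coverage_gap(expiry, now)
        if gap:
            report[name] = f"DATA LOSS: {gap[1] - gap[0]} already unrecoverable"
        elif now >= expiry:
            report[name] = f"EXPIRED: refresh before {refresh_deadline(expiry).isoformat()}"
        elif expiry - now <= WARN_BEFORE:
            report[name] = f"EXPIRING: {expiry - now} left"
        else:
            report[name] = "OK"
    return report

# Constructed sample data: account names and dates are illustrative only.
NOW = datetime(2024, 1, 17, 12, 0, tzinfo=timezone.utc)
ACCOUNTS = [
    ("falcon-prod", datetime(2024, 6, 1, tzinfo=timezone.utc)),
    ("falcon-lab", datetime(2024, 1, 20, tzinfo=timezone.utc)),
    ("falcon-emea", datetime(2024, 1, 17, 6, 0, tzinfo=timezone.utc)),
    ("falcon-old", datetime(2024, 1, 16, 12, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for name, status in audit(ACCOUNTS, NOW).items():
        print(f"{name:12} {status}")
```

A credential that expired six hours ago is still fully recoverable, while one that expired 24 hours ago has already lost 12 hours of telemetry, and that loss grows with every hour the refresh is delayed.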

Next steps