Integrate with CrowdStrike Falcon

In this topic, you will learn how to set up the integration between Portnox™ Cloud and CrowdStrike Falcon.

Important: Prerequisite: Integration with CrowdStrike Falcon requires one of the following conditions:

  • User devices have AgentP installed.

  • Portnox Cloud is integrated with Microsoft Intune, and user devices have SCEP certificates containing the device’s Intune ID in the SAN field.

  • Portnox Cloud is integrated with Jamf, and user devices have SCEP certificates containing the device’s Jamf ID in the SAN field.

If none of these conditions are met, Portnox Cloud cannot obtain device risk information from CrowdStrike Falcon, and the integration will have no effect on risk assessment policies.

  1. Obtain an API token from CrowdStrike Falcon:
    1. In the CrowdStrike Falcon main menu, navigate to Support and resources > API clients and keys.

    2. In the top-right corner of the OAuth2 API clients pane, click on the Create API client button.

    3. In the Create API client window, enter a Client name, and select the following checkboxes in the Read column: Hosts and Zero Trust Assessment. Then, click on the Create button.

    4. In the API client created window, copy all three values one by one to a temporary text file by using the  ⧉  icons.

  2. In the Cloud portal top menu, click on the Settings option.

  3. In the Cloud portal left-hand side menu, click on the Integration Services > CROWDSTRIKE option.

  4. Enable CrowdStrike integration
    1. Under the CrowdStrike heading and description, click on the Edit link.

    2. Click on the Disabled/Enabled switch to put it in the Enabled position.

    3. In the API URI field, select the same API URI as the one you copied earlier from CrowdStrike Falcon, from the Base URL field.

    4. In the Client ID field, paste the Client ID that you copied earlier from CrowdStrike Falcon.

    5. In the Client secret key field, field, paste the Secret that you copied earlier from CrowdStrike Falcon.

    6. Click on the Save button.
    7. Click on the Test link to test your integration settings.
      Note: We highly recommend testing this integration before using it in practice.

Result: Your CrowdStrike Falcon integration is now active.