The CrowdStrike Module

With the CrowdStrike Module, you can import CrowdStrike Intelligence Reports and Recon Alerts into your Liberty91 instance. Turning this module on involves two easy steps:

You need an active license with CrowdStrike for this module to work.

Step 1: Creating a client-ID and client-secret

Go to the CrowdStrike Falcon Portal.
In the sidebar (click on the 'hamburger': three horizontal lines in the top left), choose 'Support and Resources', and then 'API clients and keys'.

Click on the 'Create API client' button

Provide a name and description for your new API client:
1. Client name: Liberty91
2. Description: Liberty91 Client

You need to tick the 'read' button for the following Scopes:
1. Actors (Falcon Intelligence)
2. Malware Families (Falcon Intelligence)
3. Reports (Falcon Intelligence)
4. Vulnerabilities (Falcon Intelligence)
5. Monitoring rules (Falcon Intelligence Recon)
6. Scheduled Reports
Click on 'Update client details'
You will see a dialog box showing a base URL, client ID and client secret. Note all three of these down: you will need them in Liberty91 in the next step.

Step 2: Provide Base URL, client-ID and client-secret in Liberty91's Crowdstrike Module

Go to your CrowdStrike Module in Liberty91
Provide the details you have generated during step 1.
Select the type of reports and notifications you want to import in Liberty91. Note that even though you can select them all here, Liberty91 will only import the type of reports that are included in your CrowdStrike license.
Don't forget to activate your module, and click 'update'.

Congratulations! You have now successfully activated your CrowdStrike Module! New reports and notifications will start to appear in the second (middle) column of your Recent Threats dashboard. Reports are imported and displayed as PDF's, which does not always work on a mobile phone or in the app. Use your laptop or desktop instead.

PreviousThe Mandiant Module NextThe Group-IB Module

Last updated 1 year ago