The CrowdStrike Module
Last updated
Last updated
With the CrowdStrike Module, you can import CrowdStrike Intelligence Reports and Recon Alerts into your Liberty91 instance. Turning this module on involves two easy steps:
You need an active license with CrowdStrike for this module to work.
Go to the CrowdStrike Falcon Portal.
In the sidebar (click on the 'hamburger': three horizontal lines in the top left), choose 'Support and Resources', and then 'API clients and keys'.
Click on the 'Create API client' button
Provide a name and description for your new API client:
Client name: Liberty91
Description: Liberty91 Client
You need to tick the 'read' button for the following Scopes:
Actors (Falcon Intelligence)
Malware Families (Falcon Intelligence)
Reports (Falcon Intelligence)
Vulnerabilities (Falcon Intelligence)
Monitoring rules (Falcon Intelligence Recon)
Scheduled Reports
Click on 'Update client details'
You will see a dialog box showing a base URL
, client ID
and client secret
. Note all three of these down: you will need them in Liberty91 in the next step.
Go to your CrowdStrike Module in Liberty91
Provide the details you have generated during step 1.
Select the type of reports and notifications you want to import in Liberty91. Note that even though you can select them all here, Liberty91 will only import the type of reports that are included in your CrowdStrike license.
Don't forget to activate your module, and click 'update'.
Congratulations! You have now successfully activated your CrowdStrike Module! New reports and notifications will start to appear in the second (middle) column of your dashboard. Reports are imported and displayed as PDF's, which does not always work on a mobile phone or in the app. Use your laptop or desktop instead.