The CrowdStrike Module

With the CrowdStrike Module, you can import CrowdStrike Intelligence Reports and Recon Alerts into your Liberty91 instance. Turning this module on involves two easy steps:

You need an active license with CrowdStrike for this module to work.

Step 1: Creating a client-ID and client-secret

  1. In the sidebar (click on the 'hamburger': three horizontal lines in the top left), choose 'Support and Resources', and then 'API clients and keys'.

choose 'support and resources' and then 'API clients and keys' in the sidebar
  1. Click on the 'Create API client' button

click on the 'Create API client' button
  1. Provide a name and description for your new API client:

    1. Client name: Liberty91

    2. Description: Liberty91 Client

Create an API-client (in this example 'indicators' and 'rules' are also activated, but you don't have to)
  1. You need to tick the 'read' button for the following Scopes:

    1. Actors (Falcon Intelligence)

    2. Malware Families (Falcon Intelligence)

    3. Reports (Falcon Intelligence)

    4. Vulnerabilities (Falcon Intelligence)

    5. Monitoring rules (Falcon Intelligence Recon)

    6. Scheduled Reports

  2. Click on 'Update client details'

  3. You will see a dialog box showing a base URL, client ID and client secret. Note all three of these down: you will need them in Liberty91 in the next step.

write these values down, you will need them in Liberty91

Step 2: Provide Base URL, client-ID and client-secret in Liberty91's Crowdstrike Module

  1. Go to your CrowdStrike Module in Liberty91

  2. Provide the details you have generated during step 1.

  3. Select the type of reports and notifications you want to import in Liberty91. Note that even though you can select them all here, Liberty91 will only import the type of reports that are included in your CrowdStrike license.

  4. Don't forget to activate your module, and click 'update'.

provide the generated API-details and activate the CrowdStrike Module

Congratulations! You have now successfully activated your CrowdStrike Module! New reports and notifications will start to appear in the second (middle) column of your Recent Threats dashboard. Reports are imported and displayed as PDF's, which does not always work on a mobile phone or in the app. Use your laptop or desktop instead.

Last updated