Liberty91 Documentation
Modules
Modules
  • Getting Started with Modules
  • The News Module
  • The Telegram Module
  • The Mandiant Module
  • The CrowdStrike Module
  • The Group-IB Module
  • The X (twitter) Module
  • The VirusTotal Module
  • The PassiveTotal Module
  • The FractalScan Module
  • The MISP Module
Powered by GitBook
On this page
  • Step 1: Creating a client-ID and client-secret
  • Step 2: Provide Base URL, client-ID and client-secret in Liberty91's Crowdstrike Module

The CrowdStrike Module

PreviousThe Mandiant ModuleNextThe Group-IB Module

Last updated 11 months ago

With the CrowdStrike Module, you can import CrowdStrike Intelligence Reports and Recon Alerts into your Liberty91 instance. Turning this module on involves two easy steps:

You need an active license with CrowdStrike for this module to work.

Step 1: Creating a client-ID and client-secret

  1. Go to the .

  2. In the sidebar (click on the 'hamburger': three horizontal lines in the top left), choose 'Support and Resources', and then 'API clients and keys'.

  1. Click on the 'Create API client' button

  1. Provide a name and description for your new API client:

    1. Client name: Liberty91

    2. Description: Liberty91 Client

  1. You need to tick the 'read' button for the following Scopes:

    1. Actors (Falcon Intelligence)

    2. Malware Families (Falcon Intelligence)

    3. Reports (Falcon Intelligence)

    4. Vulnerabilities (Falcon Intelligence)

    5. Monitoring rules (Falcon Intelligence Recon)

    6. Scheduled Reports

  2. Click on 'Update client details'

  3. You will see a dialog box showing a base URL, client ID and client secret. Note all three of these down: you will need them in Liberty91 in the next step.

Step 2: Provide Base URL, client-ID and client-secret in Liberty91's Crowdstrike Module

  1. Go to your CrowdStrike Module in Liberty91

  3. Select the type of reports and notifications you want to import in Liberty91. Note that even though you can select them all here, Liberty91 will only import the type of reports that are included in your CrowdStrike license.

  4. Don't forget to activate your module, and click 'update'.

Provide the details you have generated during .

Congratulations! You have now successfully activated your CrowdStrike Module! New reports and notifications will start to appear in the second (middle) column of your dashboard. Reports are imported and displayed as PDF's, which does not always work on a mobile phone or in the app. Use your laptop or desktop instead.

step 1
CrowdStrike Falcon Portal
Create an client-ID and client-secret in the CrowdStrike Falcon portal
Provide the base URL, Client ID and Client Secret in Liberty91
choose 'support and resources' and then 'API clients and keys' in the sidebar
click on the 'Create API client' button
Create an API-client (in this example 'indicators' and 'rules' are also activated, but you don't have to)
write these values down, you will need them in Liberty91
provide the generated API-details and activate the CrowdStrike Module
Recent Threats