Crowdstrike Falcon Endpoint for Security Incident - API Rate Limit being crossed

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2024 03:39 PM
We are trying to integrate ServiceNow with Crowdstrike Falcon Endpoint for Security Incident but integration gets disabled each day or so. Integration works for sometime but then it fails. In logs we are receiving error that Rate Limit has increased.
We raised a case with Crowdstrike as plugin is supported by them. Their answer was that all ServiceNow customers connecting through this plugin is striking same CrowdStrike endpoint hence API RATE Limit is being crossed. They suggested us to use Mid Server for API Call.
This seems ridiculous design to me but anyway we configured OAuth authentication to go through Mid Server but I do not think there is any way to send actual REST API calls (to get Detections/Incidents/Behaviors) through Mid Server. Our customer contends that ServiceNow must send all API Calls through Mid Server for this integration to work. Please correct me , If my udnerstanding is wrong
My thinking is that CrowdStrike being major player on Security Scan side and ServiceNow being major player on Ticketing side, There would be many customers who use this integration and might have faced this issue. Is there anyone who can help me in solving this puzzle ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2024 08:14 AM
There are many customers using the CrowdStrike+ServiceNow integration, and I've not heard this from any of them, can you please request a case with ServiceNow Tech Support?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2024 08:21 AM
I've also double-checked the install guide, and nowhere does it mention Mid Server requirement: https://store.servicenow.com/sn_appstore_store.do#!/store/application/022ade67db1bc740bc1fd001cf9619...

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2024 02:02 PM
I have raised the ServiceNow HI Case. First time I heard this from Crowdstrike, I was kind of laughing. Hopefully this is not the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2024 10:24 PM
Hi @Community Alums
Thank god, there is some discussion happening on this side of integration.
This is the only post highlighting the issue.
As a customer who have integrated the falcon endpoint for security with servicenow, I can confirm this is definitely a thing - we have been facing this for almost 3 months.
I have a open case with CS on this currently,
but @Tim Boswell can you please check this from servicenow side as well.
Thanks