Crowdstrike Falcon Endpoint for Security Incident - API Rate Limit being crossed

Community Alums
Not applicable

‎04-22-2024 03:39 PM

We are trying to integrate ServiceNow with Crowdstrike Falcon Endpoint for Security Incident but integration  gets disabled each day or so. Integration works for sometime but then it fails. In logs we are receiving error that Rate Limit has increased.

 

We raised a case with Crowdstrike as plugin is supported by them. Their answer was that all ServiceNow customers connecting through this plugin is striking  same CrowdStrike endpoint hence API RATE Limit is being crossed. They suggested us to use Mid Server for API Call.

 

This seems  ridiculous design to me but anyway we  configured OAuth authentication to go through Mid Server but I do not think there is any way to send actual REST API calls (to get Detections/Incidents/Behaviors) through Mid Server. Our customer contends that ServiceNow must send all API Calls through Mid Server for this integration to work. Please correct me , If my udnerstanding is wrong

 

My thinking is that CrowdStrike being major player on Security Scan side and ServiceNow being major player on Ticketing side, There would  be many customers who use this integration and might have faced this issue. Is there anyone who can help me in solving this puzzle ? 

0 Helpfuls
  • 2,757 Views
7 REPLIES 7

Tim Boswell
ServiceNow Employee
ServiceNow Employee

‎04-23-2024 08:14 AM

There are many customers using the CrowdStrike+ServiceNow integration, and I've not heard this from any of them, can you please request a case with ServiceNow Tech Support?

0 Helpfuls

Tim Boswell
ServiceNow Employee
ServiceNow Employee

‎04-23-2024 08:21 AM

I've also double-checked the install guide, and nowhere does it mention Mid Server requirement:  https://store.servicenow.com/sn_appstore_store.do#!/store/application/022ade67db1bc740bc1fd001cf9619...

0 Helpfuls

Community Alums
Not applicable

‎04-23-2024 02:02 PM

I have raised the ServiceNow HI Case. First time I heard this from Crowdstrike, I was kind of laughing. Hopefully this is not the issue. 

0 Helpfuls

Milindsecops
Tera Contributor

‎05-13-2024 10:24 PM

Hi @Community Alums 

Thank god, there is some discussion happening on this side of integration.
This is the only post highlighting the issue. 

As a customer who have integrated the falcon endpoint for security with servicenow, I can confirm this is definitely a thing - we have been facing this for almost 3 months.
I have a open case with CS on this currently,
but @Tim Boswell can you please check this from servicenow side as well. 

Thanks

0 Helpfuls