Crowdstrike Falcon Endpoint for Security Incident - API Rate Limit being crossed

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2024 03:39 PM
We are trying to integrate ServiceNow with Crowdstrike Falcon Endpoint for Security Incident but integration gets disabled each day or so. Integration works for sometime but then it fails. In logs we are receiving error that Rate Limit has increased.
We raised a case with Crowdstrike as plugin is supported by them. Their answer was that all ServiceNow customers connecting through this plugin is striking same CrowdStrike endpoint hence API RATE Limit is being crossed. They suggested us to use Mid Server for API Call.
This seems ridiculous design to me but anyway we configured OAuth authentication to go through Mid Server but I do not think there is any way to send actual REST API calls (to get Detections/Incidents/Behaviors) through Mid Server. Our customer contends that ServiceNow must send all API Calls through Mid Server for this integration to work. Please correct me , If my udnerstanding is wrong
My thinking is that CrowdStrike being major player on Security Scan side and ServiceNow being major player on Ticketing side, There would be many customers who use this integration and might have faced this issue. Is there anyone who can help me in solving this puzzle ?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2024 12:14 AM
@Community Alums
Thank you for posting this question, we are also contemplating to use this integration. Is the issue solved in mean time?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2024 08:12 PM
Just adding:
We had our issue resolved- CS team had pushed a updated version around Mid of May , which includes to disable the connection timeout logic - which i believe was the issue from the start within our environment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2024 01:05 AM
Same problem here, I use mid server and it is ok. After installing that mentioned update I had to reconfigure all application to correct endpoints from api.crowd to our api.eu-1. because it didnt reflected. Looks ok now.