Before you can use the CrowdStrike Falcon Intelligence, you must download it from the ServiceNow Store and add the appropriate Client ID and Client Secret.
Avant de commencer
Role required: sn_sec_tisc.admin
- Threat Intelligence Security center application must be installed and activated.
- Obtain the API Client ID and API Client Secret under your CrowdStrike Falcon Intelligence profile.
- In the CrowdStrike Falcon Intelligence portal API Scopes, enable the Read setting for Indicators (Falcon Intelligence).
Procédure
-
Using your instance, access Threat Intelligence Security Center.
-
Download the integration from the ServiceNow Store.
-
Navigate to .
-
Select .
-
Alternatively, you can navigate to .
-
Click Configure New Enrichment to configure CrowdStrike Falcon Intelligence integration.
-
Fill in the fields on the Configure New Enrichment form.
Tableau 1. Enrichment Integration
| Field |
Description |
| Name |
Enter a name for the new enrichment integration. For example, CrowdStrike Falcon Intelligence. |
| Vendor Name |
Name of the vendor. The details of the selected vendor is populated by default. For example, CrowdStrike Falcon Intelligence. |
| Integration Type |
Type of integration that you selected. For example, Threat Lookup. |
| Description |
Enter the description for the new enrichment integration. |
| Integration Configuration |
| Client ID |
The client ID that you obtained from CrowdStrike. |
| Client Secret |
The client secret key that you obtained from CrowdStrike. |
-
Click Save.
The integration details are validated, and by default the CrowdStrike Falcon Intelligence integration's status is disabled.
-
Click Enable to enable the CrowdStrike Falcon Intelligence integration.
Résultats
After it is configured, CrowdStrike Falcon Intelligence can be selected for performing lookups on observables in Threat Intelligence Security Center.