Integrating with CrowdStrike

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:15分

    • Integrating your Software Asset Management application with the CrowdStrike enables you to view CrowdStrike active host sensors information and check license compliance.

    注:
    CrowdStrike currently doesn't support the APIs for integration in regulated environments, including US-GOV-1 (GovCloud) or US-GOV-2 CrowdStrike clouds.
    重要:
    Minimize security risks and protect information by granting access only to the necessary user or API permissions.
    表 : 1. Minimal user permissions
    Process Required user role in the CrowdStrike application Authentication scopes
    Download consumption Falcon administrator Sensor usage scope with read permissions

    This process is applicable for Zurich Patch 7, Software Asset Management - SaaS License Management (sn_sam_saas_int) 17.0.5, and Software Asset Management (sn_itam_samp) 4.1.0 version onwards.

    Register a CrowdStrike OAuth application

    Register the CrowdStrike OAuth application to access the CrowdStrike API and to receive a Client ID and Client secret.

    始める前に

    The CrowdStrike Integration Hub spoke must be active. For more information, see CrowdStrike spoke.

    CrowdStrike Role required: Falcon administrator

    重要:
    • To use the Sensor Usage APIs, your API client must be assigned the Sensor usage scope with Read permissions.
    • Contact your account team to enable the following feature flags:
      • Hourly usage data feature flag: This flag must be enabled for your Customer Identification (CID) to view hourly usage data.
      • Aggregated usage data feature flag: This flag must be enabled to get aggregated usage data in multi-CID (non-Flight Control) accounts.

    手順

    1. Log in to Falcon using your admin credentials.
    2. Navigate to Support and resources > API Clients and Keys.
    3. Select Create API Client.
    4. Provide the client name and description.
    5. Select the Read check box for the Sensor usage scope.
    6. Select Create.
      The API client created screen is displayed.
    7. Copy the Client ID and Secret for later use.
    8. Select Done.

    Create a CrowdStrike integration profile

    Create a CrowdStrike integration profile to track software subscriptions and optimize licensing for your CrowdStrike applications.

    始める前に

    The Software Asset Management - SaaS License Management plugin (sn_sam_saas_int) must be installed from the ServiceNow Store.

    ServiceNow Role required: sam_admin or sam_integrator

    重要:
    You must select the CrowdStrike Spoke check box for this integration while installing optional features on the Application Manager page. For more information about choosing the required SaaS applications, see Request SaaS License Management.

    このタスクについて

    If you’re using Software Asset Workspace, the option to create the CrowdStrike integration profile in Core UI is inactive.

    注:
    When upgrading to Yokohama patch 1 with Software Asset Management - SaaS License Management (sn_sam_saas_int) 15.0.8 and Software Asset Management (sn_itam_samp) 2.1.0 store applications installed, you must delete the entitlements for the existing CrowdStrike integration profiles. Then, create entitlements for various CrowdStrike products, such as Falcon Endpoint Protection and Falcon Discover, based on their license metrics. These metrics include Reserved Hourly Average Sensor and Sensor Subscription, which are found under the CrowdStrike license metric group.
    • If any existing CrowdStrike profiles are in the Draft state, create integration profiles and delete the existing ones.
    • If any existing CrowdStrike profiles are in the Published state, their state changes to Draft.

    If you are on any version for Yokohama below patch 1, refer KB1801232.

    手順

    1. Navigate to the integration profile.
      InterfaceAction
      Core UI
      1. Navigate to All > Software Asset > SaaS License > Direct Integration Profiles.
      2. Select New.
      3. Select CrowdStrike Integration Profile.
      Software Asset Workspace
      1. Navigate to License operations > User Subscriptions > Direct integration profiles.
      2. Select New.
      3. Select CrowdStrike from the drop-down list.
      4. Select Continue.
    2. On the form, fill in the fields.
      表 : 2. Integration profile form
      Field Value
      Display name Name of the integration profile. For example, CrowdStrike integration.
      Status Status of the integration profile.
      • If you have not published the integration profile, this field is automatically set to  Draft.
      • If you have already published the integration profile, this field is automatically set to  Published.
      Profile type Type of integration profile. This field is automatically set to CrowdStrike Subscription.
    3. Review the required user roles or API permissions specified in the Vendor configuration field for the process to minimize security risks and optimize SaaS licenses.
      注:
      The Download consumption check box is selected by default and you can't clear it. Verify that the Subflow field is set to CrowdStrike Download Weekly and Hourly Sensor Usage.

      For more information about the required roles and scopes, see Minimal user permissions table.

    4. Select Save.
      A draft integration profile is created.

      The Connection & Credential field appears and is automatically set to sn_crowdstrk_spoke.CrowdStrike.

    5. Open the connection & credential aliases record by selecting the preview icon (Preview icon.) next to the Connection & Credential field and then selecting Open Record in the record preview.
    6. On the Connection & Credential Aliases form, select the Create New Connection & Credential related link.
    7. In the Create Connection and Credential dialog box, fill in the fields.
      表 : 3. Create Connection and Credential dialog box
      Field Value
      Connection Information
      Connection Name Name of the CrowdStrike connection. This field populates automatically.
      Connection URL URL for the connection. This field is automatically set to https://api.crowdstrike.com.
      Each CrowdStrike cloud has a different base URL. Use the base URL that corresponds to the cloud where your integration is hosted.
      • US-1: https://api.crowdstrike.com
      • US-2: https://api.us-2.crowdstrike.com
      • EU-1: https://api.eu-1.crowdstrike.com
      Credential Information
      OAuth Client ID Client ID that you generated while configuring the CrowdStrike API settings.
      OAuth Client Secret Client Secret that you generated while configuring the CrowdStrike API settings.
      OAuth Redirect URL https://<instance name>/oauth_redirect.do, where the instance name is the name of your ServiceNow instance.
    8. Select Create and Get OAuth Token.
      注:
      For the role required to perform this step, refer to the Minimal user permissions table.
      The OAuth token is generated successfully.
    9. On the Integration Profile form, proceed with the Workload product mapping by selecting the CrowdStrike Product Workload Mappings tab.
      注:
      The software entitlements and software models must be created before proceeding to the next step.
      1. On the CrowdStrike Product Workload Mappings page, select New.
      2. On the form, fill in the fields.

        For further details on the CrowdStrike Product Workload Mapping, see Create a product workload mapping for CrowdStrike products.

      3. Select Save.
    10. On the integration profile form, select Validate Connection to verify the connection and credential details of this integration.
      You can also validate connections before creating CrowdStrike product workload mappings.
      重要:
      You must create the product workload mapping before publishing the profile.
    11. After the connection is verified and the workload product mapping is provided, select Publish.
    12. In the Publish Confirmation dialog box, select OK.

    タスクの結果

    This integration pulls or creates usage records in the CrowdStrike Product Usage [samp_crowdstrike_product_usage] table and CAL records in the Client Access [samp_sw_client_access] table.

    次のタスク

    If you want to set up multiple integration profiles with unique connections, create child aliases to manage different configurations and settings for each integration profile. For more information, see Create a child alias to set up multiple integration profiles.

    You can view details on the usage records and workload mappings created with the CrowdStrike integration. For more information, see License operations view in the Software Asset Workspace.

    Reconciliation also runs on your subscriptions as a scheduled job or on-demand. You can view your reconciliation results in the License Workbench (Software Asset Management classic application) or the License usage view (Software Asset Workspace). Use these results to determine your license compliance position and to remediate any non-compliance.