CrowdStrike Falcon Intelligence integration overview

  • Release version: Washington DC
  • Updated February 1, 2024
  • CrowdStrike Falcon Intelligence provides cyber security intelligence that integrates easily with Security Operations.

    Note:
    The Threat Intelligence plugin is required to implement the CrowdStrike Falcon Intelligence integration.

    Activate and configure the CrowdStrike Falcon Intelligence integration

    The Integration Configuration feature allows you to quickly activate and set up third-party security integrations, including the CrowdStrike Falcon Intelligence integration. Before you can use the CrowdStrike Falcon Intelligence integration, you must download it from the ServiceNow Store and add the appropriate API key and ID.

    Before you begin

    Role required: admin

    • The Threat Intelligence plugin must be installed and activated before you can use the CrowdStrike Falcon Intelligence integration.
    • Obtain the API Client ID and API Client Secret under your CrowdStrike Falcon Intelligence profile.
    • If you are upgrading the CrowdStrike Falcon Intelligence integration from a previous version, you must delete the existing configuration and set up a new configuration. The integration supports OAuth 2.0 authentication. This update requires you to enter the API Client ID and the API Client Secret to authenticate and complete the configuration.
    • In the CrowdStrike Falcon Intelligence portal API Scopes, enable the Read setting for Indicators (Falcon X) or IOCs (Indicators of Compromise).
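One way to check the prerequisites above before entering anything in the form, as an added example that is not part of the original page or of the integration: it requests an OAuth 2.0 token with the API Client ID and Secret, then makes one read against the indicators scope. The endpoint paths and the default API host are taken from CrowdStrike's public API and are assumptions here, not values from this page; the environment variable names are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumption: US-1 cloud; other Falcon clouds use a different API host.
BASE_URL = os.environ.get("FALCON_BASE_URL", "https://api.crowdstrike.com")


def token_request(base, client_id, client_secret):
    """OAuth 2.0 client-credentials request for a bearer token."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(
        base + "/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def indicator_request(base, token):
    """Smallest possible read against the indicators scope (one ID)."""
    return urllib.request.Request(
        base + "/intel/queries/indicators/v1?limit=1",
        headers={"Authorization": "Bearer " + token})


def http_call(req):
    """Send a request; return (status, parsed JSON body or {})."""
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}


def preflight(client_id, client_secret, base=BASE_URL, call=http_call):
    """Return 'ok', 'credentials-rejected', 'scope-missing' or 'unexpected-<code>'."""
    status, body = call(token_request(base, client_id, client_secret))
    if status not in (200, 201) or "access_token" not in body:
        return "credentials-rejected"
    status, _ = call(indicator_request(base, body["access_token"]))
    if status == 200:
        return "ok"
    if status == 403:
        return "scope-missing"
    return "unexpected-%d" % status


if __name__ == "__main__":
    # Secrets come from the environment so they stay out of scripts and history.
    print(preflight(os.environ["FALCON_CLIENT_ID"], os.environ["FALCON_CLIENT_SECRET"]))
```

A result of scope-missing means the credentials are valid but the Read setting described in the last prerequisite is not enabled for this API client.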

    Procedure

    1. Download the integration from the ServiceNow Store.
    2. In your instance, navigate to Security Operations > Integrations > Integration Configurations.
      The available security integrations appear as a series of cards.
    3. In the CrowdStrike Falcon Intelligence card, click Configure.
    4. On the form, fill in the fields to complete the configuration:
      Table 1. CrowdStrike Falcon Intelligence Configuration

      Field               Description
      Name                Name of the integration, for example, demo-1.
      API Client ID       The client ID that you obtain from the settings section of your account profile in the CrowdStrike Falcon Intelligence portal.
      API Client Secret   The client secret key that you obtain from the settings section of your account profile in the CrowdStrike Falcon Intelligence portal.

    5. Click Submit.

    Result

    After it is configured, CrowdStrike Falcon Intelligence can be selected for performing lookups on observables in Threat Intelligence and on observables in security incidents.