Chariot's CrowdStrike integration enables you to monitor your CrowdStrike-protected assets for potential security risks and policy vulnerabilities from an attacker's perspective. By combining CrowdStrike's robust endpoint protection with Chariot's external threat monitoring, you can achieve comprehensive security coverage of your environment.

Prerequisites

Before beginning the integration process, ensure you have:

  • Access to your CrowdStrike Falcon instance with administrative privileges
  • Permissions to create API clients in CrowdStrike

Creating a CrowdStrike API Client

To create your API client, sign in to your CrowdStrike Falcon console and navigate to the API Clients and Keys section, which you can find under Support and Resources > Resources and Tools.

When setting up the API client, you'll need to configure it with specific read permissions, namely access to Prevention Policies and Hosts information. These permissions ensure Chariot can properly assess your security posture without making any changes to your environment.

After clicking “Save”, you should receive a confirmation box saying “API client created”, which contains a “Client ID” and “Secret”. Copy the Client ID, Secret, and Base URL and store them somewhere safe. You will not be able to access the Secret again.

Configuring the Integration in Chariot

Moving over to your Chariot instance, the integration process is straightforward. Look for the Integrations section in the left navigation menu; you'll find it under the Administration heading near the bottom.

Click on "Add Integration" to see all available integration options.

You can easily locate the CrowdStrike integration either by using the search function or by browsing the Managed Detection and Response section of the integration cards.

When you click "Connect" on the CrowdStrike card, you'll see a configuration popup where you can enter the Client ID, Secret, and Base URL from your CrowdStrike API client. Once you've entered these details, Chariot will begin monitoring your CrowdStrike-protected assets, providing valuable insights into potential security risks from an external perspective.

The integration creates a powerful security feedback loop: while CrowdStrike protects your endpoints from threats, Chariot helps you understand how those same endpoints might appear to potential attackers, allowing you to proactively address vulnerabilities before they can be exploited.

If you run into any issues during the integration process or have questions about maximizing the value of this integration, our support team is ready to help. You can reach us at support@praetorian.com, and we'll be happy to guide you through any challenges you encounter.