The Chariot platform integrates with CrowdStrike, a cybersecurity company known for its endpoint protection solutions. The integration involves creating a connection with CrowdStrike's Falcon API, retrieving device and policy information, identifying potential risks, and streaming relevant data back to Chariot.
To start integrating with CrowdStrike, navigate to the integrations section:
To integrate CrowdStrike, you will need a client ID, secret, and base URL, all of which can be found in your CrowdStrike platform.
Chariot requires a Falcon API client to read assets managed by CrowdStrike. Please create a new API client with full Read permissions, following CrowdStrike's documentation.
Once you have created a new API client, provide the client's ID and secret in the menu above, along with your Falcon API base URL. Click Add to complete the integration.
The integration fetches device information including device ID, hostname, and operating system.
The integration also retrieves and evaluates exclusions. Exclusion rules that are potentially dangerous based on their path locations (e.g., writable or system-critical directories) are marked as Risks.
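A sketch of the kind of path-based exclusion check described above, as an added example rather than Chariot's or CrowdStrike's own code. The directory lists, the reason labels, and the glob-style sample patterns are assumptions constructed for illustration.

```python
import re

# Assumed directory lists for illustration; not Chariot's actual rule set.
WRITABLE = ("c:/users/", "c:/windows/temp/", "/tmp/", "/var/tmp/", "/dev/shm/")
CRITICAL = ("c:/windows/system32/", "c:/windows/syswow64/",
            "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")


def classify_exclusion(pattern: str) -> list[str]:
    """Return the reasons a glob-style exclusion path looks risky."""
    p = pattern.strip().replace("\\", "/").lower()
    literal = re.split(r"[*?]", p, maxsplit=1)[0]  # fixed part before any wildcard
    has_wildcard = literal != p

    # No fixed directory at all: the pattern can match anywhere on the host.
    if re.fullmatch(r"([a-z]:)?/?", literal):
        return ["overbroad"]

    def covers(dirs):
        for d in dirs:
            if literal.startswith(d):  # exclusion sits inside a risky directory
                return True
            if has_wildcard and d.startswith(literal):  # wildcard spans it
                return True
        return False

    reasons = []
    if covers(WRITABLE):
        reasons.append("user-writable")
    if covers(CRITICAL):
        reasons.append("system-critical")
    return reasons


def risky_exclusions(patterns):
    """Map each risky pattern to its reasons; safe patterns are omitted."""
    return {p: r for p in patterns if (r := classify_exclusion(p))}


# Constructed sample exclusions (not taken from any real tenant).
SAMPLE = [
    r"C:\Users\*\AppData\Local\Temp\*.exe",
    r"C:\Program Files\Vendor\agent.exe",
    r"C:\Windows\System32\*",
    r"**\tools\*.exe",
    "/tmp/*",
    r"C:\Windows\*",
]

if __name__ == "__main__":
    for pat, why in risky_exclusions(SAMPLE).items():
        print(f"RISK {pat}: {', '.join(why)}")
```

A pattern with no fixed directory is reported only as overbroad, since it can match in any location, including the writable and system-critical ones.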
Policy decisions (detailed configurations about what security settings are enabled or disabled) are requested from CrowdStrike. Chariot then checks specific prevention controls within these policies to ensure important security features are active. Chariot flags policies where critical preventive controls are disabled as Risks.
Chariot compiles all of this data continuously, adding it to your attack surface and highlighting relevant Risks associated with CrowdStrike data.