CrowdStrike Flight Control

The Praetorian Guard Platform's (PGP) CrowdStrike integration enables you to monitor CrowdStrike-protected assets for potential security risks and policy vulnerabilities from an attacker's perspective. By combining CrowdStrike's endpoint telemetry and vulnerability data with PGP's external attack-surface monitoring, you gain a more complete view of risk across your environment.

In PGP, this integration is configured under CrowdStrike Flight Control (MSSP) because it uses CrowdStrike's Flight Control APIs to access tenant data. Through this connection, PGP can ingest relevant asset and vulnerability information (including data surfaced through CrowdStrike Spotlight) and correlate it with external exposure data discovered by PGP.Prerequisites

Before beginning the integration process, ensure you have:

  • Access to your Crowdstrike Spotlight instance with administrative privileges

  • Permissions to create API clients in Crowdstrike

Creating a Crowdstrike API Client

To create your API client, sign in to your Crowdstrike Falcon console and navigate to the API Clients and Keys section, which you can find under Support and Resources > Resources and Tools.

When setting up the API client, you'll need to configure it with specific read permissions - namely, access to Spotlight Vulnerabilities and Hosts information. These permissions ensure PGP can properly assess your security posture without making any changes to your environment.

Permissions granted to the API client:

hosts:readSpotlight
Vulnerabilities: read

After clicking "Save" you should receive a confirmation box saying "API client created" which contains a "Client ID" and "Secret". Copy the Client ID, Secret, and Base URL and store them somewhere safe. You will not be able to access the Secret again.

CrowdStrike API Client ID and Secret

Configuring the Integration in PGP

Moving over to your PGP instance, the integration process is straightforward. Look for the Integrations section in the left navigation menu - you'll find it under the Administration heading near the bottom.

Click on "Add Integration" to see all available integration options.

You can easily locate the Crowdstrike integration either by using the search function or by browsing the Managed Detection and Response section of the integration cards.

When you click "Connect" on the Crowdstrike card, you'll see a configuration popup where you can enter the Client ID, Secret, and Base URL from your Crowdstrike API client. Once you've entered these details, PGP will begin monitoring your Crowdstrike-protected assets, providing valuable insights into potential security risks from an external perspective.

The integration creates a powerful security feedback loop - while Crowdstrike protects your endpoints from threats, PGP helps you understand how those same endpoints might appear to potential attackers, allowing you to proactively address vulnerabilities before they can be exploited.

If you run into any issues during the integration process or have questions about maximizing the value of this integration, our support team is ready to help. You can reach us at support@praetorian.com, and we'll be happy to guide you through any challenges you encounter.