Salto

Salto's CrowdStrike Falcon adapter allows you to:

Fetch CrowdStrike Falcon endpoint security configuration data, such as firewall and prevention policies, ML exclusions and host groups

Add configuration elements to a version control system such as GitHub, BitBucket or others

Monitor specific changes of interest, e.g., device control policies

Analyze your CrowdStrike Falcon security posture and remediate common issues

- Fetch CrowdStrike Falcon endpoint security configuration data, such as firewall and prevention policies, ML exclusions and host groups
- Compare CrowdStrike environments
- Add configuration elements to a version control system such as GitHub, BitBucket or others
- Monitor specific changes of interest, e.g., device control policies
- Analyze your CrowdStrike Falcon security posture and remediate common issues

- Firewall Rule Groups and Rules
- Custom IOA Rule Groups
- Policies

- Exclusions
  - Cert-based
  - ML exclusions
- Firewall
  - Firewall Rule Groups and Rules
  - Custom IOA Rule Groups
  - Policies
- Prevention Policies
- Sensor Update Policies
- Sensor Visibility Policies
- Locations
- Cloud Connect Accounts

In the CrowdStrike Falcon menu, go to "Support and resources" --&gt;  "API clients and keys", then click on "Create API client".

Add read and write permissions for the following scopes:

- CSPM registration
- Custom IOA rules
- Device control policies
- Hosts
- Assets
- Firewall mangement
- Host groups
- Machine Learning Exclusions
- Prevention policies
- IOA Exclusions
- Sensor update policies
- Sensor Visibility Exclusions
- User management

Add a CrowdStrike Falcon service to a Salto environment by selecting the environment --&gt; "Settings" --&gt; "Application Connections" --&gt; "Connect an Application"

You will be asked to provide base URL (according to the CrowdStrike region of your account, e.g., <a href="https://api.us-2.crowdstrike.com" rel="nofollow noopener noreferrer" target="_blank">https://api.us-2.crowdstrike.com</a>), the client ID, and client secret you created.

1. In the CrowdStrike Falcon menu, go to "Support and resources" --&gt;  "API clients and keys", then click on "Create API client".
2. Add read and write permissions for the following scopes:
   - CSPM registration
   - Custom IOA rules
   - Device control policies
   - Hosts
   - Assets
   - Firewall mangement
   - Host groups
   - Machine Learning Exclusions
   - Prevention policies
   - IOA Exclusions
   - Sensor update policies
   - Sensor Visibility Exclusions
   - User management
3. Add a CrowdStrike Falcon service to a Salto environment by selecting the environment --&gt; "Settings" --&gt; "Application Connections" --&gt; "Connect an Application"
4. You will be asked to provide base URL (according to the CrowdStrike region of your account, e.g., <a href="https://api.us-2.crowdstrike.com" rel="nofollow noopener noreferrer" target="_blank">https://api.us-2.crowdstrike.com</a>), the client ID, and client secret you created.

Salto for CrowdStrike Falcon - Overview

Supported Types

Connect your CrowdStrike Falcon instance