Salto's CrowdStrike Falcon adapter allows you to:
Fetch CrowdStrike Falcon endpoint security configuration data, such as firewall and prevention policies, ML exclusions and host groups
Compare CrowdStrike environments
Add configuration elements to a version control system such as GitHub, BitBucket or others
Monitor specific changes of interest, e.g., device control policies
Analyze your CrowdStrike Falcon security posture and remediate common issues
Supported Types
Exclusions
Cert-based
ML exclusions
Firewall
Firewall Rule Groups and Rules
Custom IOA Rule Groups
Policies
Prevention Policies
Sensor Update Policies
Sensor Visibility Policies
Locations
Cloud Connect Accounts
Connect your CrowdStrike Falcon instance
In the CrowdStrike Falcon menu, go to "Support and resources" --> "API clients and keys", then click on "Create API client".
Add read and write permissions for the following scopes:
Content Update Policy
Correlation Rules
CSPM registration
Custom IOA rules
D4C registration
Channel File Control Settings
Device control policies
Hosts
Assets
Falcon Container Image
Firewall management
Host groups
Identity Protection Policy Rules
IOC Management
Machine Learning Exclusions
Prevention policies
Response policies
IOA Exclusions
Sensor Download
Sensor update policies
Sensor Visibility Exclusions
User management
Workflow
Add a CrowdStrike Falcon service to a Salto environment by selecting the environment --> "Settings" --> "Application Connections" --> "Connect an Application".
You will be asked to provide the base URL (according to the CrowdStrike region of your account, e.g., https://api.us-2.crowdstrike.com), the client ID, and the client secret you created.