Salto

Salto's CrowdStrike Falcon adapter allows you to:

Fetch CrowdStrike Falcon endpoint security configuration data, such as firewall and prevention policies, ML exclusions and host groups

Add configuration elements to a version control system such as GitHub, BitBucket or others

Monitor specific changes of interest, e.g., device control policies

Analyze your CrowdStrike Falcon security posture and remediate common issues

- Fetch CrowdStrike Falcon endpoint security configuration data, such as firewall and prevention policies, ML exclusions and host groups
- Compare CrowdStrike environments
- Add configuration elements to a version control system such as GitHub, BitBucket or others
- Monitor specific changes of interest, e.g., device control policies
- Analyze your CrowdStrike Falcon security posture and remediate common issues

- Firewall Rule Groups and Rules
- Custom IOA Rule Groups
- Policies

- Exclusions
  - Cert-based
  - ML exclusions
- Firewall
  - Firewall Rule Groups and Rules
  - Custom IOA Rule Groups
  - Policies
- Prevention Policies
- Sensor Update Policies
- Sensor Visibility Policies
- Locations
- Cloud Connect Accounts

In the CrowdStrike Falcon menu, go to "Support and resources" --&gt;  "API clients and keys", then click on "Create API client".

Add read and write permissions for the following scopes:

- Content Update Policy
- Correlation Rules
- CSPM registration
- Custom IOA rules
- D4C registration
- Channel File Control Settings
- Device control policies
- Hosts
- Assets
- Falcon Container Image
- Firewall mangement
- Host groups
- Identity Protection Policy Rules
- IOC Management
- Machine Learning Exclusions
- Prevention policies
- Response policies
- IOA Exclusions
- Sensor Download
- Sensor update policies
- Sensor Visibility Exclusions
- User management
- Workflow

Add a CrowdStrike Falcon service to a Salto environment by selecting the environment --&gt; "Settings" --&gt; "Application Connections" --&gt; "Connect an Application"

You will be asked to provide base URL (according to the CrowdStrike region of your account, e.g., <a href="https://api.us-2.crowdstrike.com" rel="nofollow noopener noreferrer" target="_blank">https://api.us-2.crowdstrike.com</a>), the client ID, and client secret you created.

1. In the CrowdStrike Falcon menu, go to "Support and resources" --&gt;  "API clients and keys", then click on "Create API client".
2. Add read and write permissions for the following scopes:
   - Content Update Policy
   - Correlation Rules
   - CSPM registration
   - Custom IOA rules
   - D4C registration
   - Channel File Control Settings
   - Device control policies
   - Hosts
   - Assets
   - Falcon Container Image
   - Firewall mangement
   - Host groups
   - Identity Protection Policy Rules
   - IOC Management
   - Machine Learning Exclusions
   - Prevention policies
   - Response policies
   - IOA Exclusions
   - Sensor Download
   - Sensor update policies
   - Sensor Visibility Exclusions
   - User management
   - Workflow
3. Add a CrowdStrike Falcon service to a Salto environment by selecting the environment --&gt; "Settings" --&gt; "Application Connections" --&gt; "Connect an Application"
4. You will be asked to provide base URL (according to the CrowdStrike region of your account, e.g., <a href="https://api.us-2.crowdstrike.com" rel="nofollow noopener noreferrer" target="_blank">https://api.us-2.crowdstrike.com</a>), the client ID, and client secret you created.

Salto for CrowdStrike Falcon - Overview

Start your free trial

Find answers and get help from Intercom Support and Community Experts

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Salto for CrowdStrike Falcon - Overview

Supported Types

Connect your CrowdStrike Falcon instance