For Leen to authenticate with CrowdStrike, we require the following:

  1. Base URL: The base URL that corresponds to the cloud where your integration is hosted. It has the format of https://api[<deployment>].crowdstrike.com. Most likely one of the following based on the region:
  2. Client ID: OAuth2-based Client ID.
  3. Client Secret: OAuth2-based Client Secret.

Leen requires certain access permissions (scopes). The credentials are associated with these scopes.

User setup and Permissions

Here is how you can create API keys with the minimum required permissions for the integration:

1. Create an API Client with scopes

In the CrowdStrike Falcon console, navigate to the API Clients and Keys page and click on Create API client.

Enter the details that define your API client: Client Name (required, can be anything, e.g. leen) and Description (optional).

Along with that, set up the necessary API scopes:

  1. Detections - Read
  2. Hosts - Read
  3. Host Groups - Read
  4. User Management - Read
  5. Prevention Policies - Read
  6. Device Control Policies - Read
  7. Real Time Response Policies - Read
  8. Sensor Update Policies - Read

Click Create to save the API client and generate the Client ID and Client Secret.

Record your API client secret somewhere safe. After the credential window is closed, the secret is no longer visible.

2. Enter Credentials

After creating the API Client credentials, copy the Base URL, Client ID and Client Secret into the CrowdStrike EDR connector in their respective fields.
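
A pre-flight check for the values gathered in the steps above, added here as an example and not part of Leen's or CrowdStrike's own tooling: it confirms the Base URL matches the documented format (so the Client Secret is only ever sent to a crowdstrike.com API host over HTTPS) and compares the scopes on the API client with the eight read-only scopes listed. The function names, the granted-scopes dictionary (transcribed by hand from the console) and the treatment of `<deployment>` as dot-separated labels are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Scopes listed in the setup steps above; every one is Read only.
REQUIRED_SCOPES = {
    "Detections", "Hosts", "Host Groups", "User Management",
    "Prevention Policies", "Device Control Policies",
    "Real Time Response Policies", "Sensor Update Policies",
}

# Host part of https://api[<deployment>].crowdstrike.com; treating <deployment>
# as zero or more dot-separated labels is an assumption of this example.
_HOST_RE = re.compile(r"api(\.[a-z0-9-]+)*\.crowdstrike\.com")


def check_base_url(url):
    """Return a list of problems with the Base URL (empty list means OK)."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username or parts.password or parts.port:
        problems.append("no userinfo or port expected")
    if not _HOST_RE.fullmatch(parts.hostname or ""):
        problems.append("host is not api[<deployment>].crowdstrike.com")
    if parts.path.strip("/") or parts.query or parts.fragment:
        problems.append("no path, query or fragment expected")
    return problems


def audit_scopes(granted):
    """Compare {scope name: set of permissions} with the required list."""
    missing = sorted(s for s in REQUIRED_SCOPES if "Read" not in granted.get(s, set()))
    excess = sorted(
        f"{scope} - {perm}"
        for scope, perms in granted.items()
        for perm in perms
        if scope not in REQUIRED_SCOPES or perm != "Read"
    )
    return missing, excess


# Constructed sample: a client missing one scope and holding one it should not.
SAMPLE_GRANTED = {name: {"Read"} for name in REQUIRED_SCOPES - {"Host Groups"}}
SAMPLE_GRANTED["Hosts"] = {"Read", "Write"}

if __name__ == "__main__":
    print(check_base_url("https://api.crowdstrike.com"))
    print(audit_scopes(SAMPLE_GRANTED))
```

An empty problem list and empty `missing` and `excess` lists mean the client matches the minimum permissions described above.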