CrowdStrike

This document provides the steps required to configure the CrowdStrike Inspector.

Quick Details

Recommended Agent: On-Demand
Supported Agents: On-Demand
Is Auto-Discovered By: N/A
Can Auto-Discover: CrowdStrike child inspectors
Parent/Child Type Inspector: Yes
Inspection via: API
Data Summary: [Here]

Overview

The CrowdStrike Inspector will enable you to centralize and automate the collection of endpoint security data from CrowdStrike Falcon. This inspector will inventory, report, and alert on endpoint protection status, threats, and security events, allowing you to improve attack surface management (ASM), compliance, and operational efficiency.

Inspector Setup Preparation

Generate your API client

  1. Click the menu icon located at the upper left side of the page.

  2. Navigate to Support and resources > Resources and tools > API Clients and Keys.

  3. Click Create API client.

  4. Fill in the following fields:

    1. Client Name: Liongard

    2. Description: (Optional)

    3. API Scopes: Select “Read” for API Integrations (NOTE: Scopes may change after development finalizes)

    4. Select Create.

  5. Record your Client ID, Secret, and Base URL as they will be needed for the Liongard inspector configuration. Click Done.
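A pre-flight check for the three values recorded in step 5, as an added example (not Liongard or CrowdStrike code): it requests an OAuth2 token from the Falcon API's `/oauth2/token` endpoint and reports only success or failure. The `crowdstrike.com` host check and the `FALCON_*` environment variable names are assumptions made for this example.

```python
import getpass
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumption: the recorded Base URL is a host under crowdstrike.com; change if yours differs.
ALLOWED_HOST_SUFFIX = ".crowdstrike.com"


def build_token_request(base_url, client_id, secret):
    """Build the OAuth2 client-credentials POST to <Base URL>/oauth2/token."""
    parts = urllib.parse.urlsplit(base_url.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        raise ValueError("Base URL must be https so the Secret is never sent in clear text")
    if not host.endswith(ALLOWED_HOST_SUFFIX):
        raise ValueError(f"unexpected API host {host!r}; re-check the recorded Base URL")
    if not client_id.strip() or not secret.strip():
        raise ValueError("Client ID and Secret must both be set")
    body = urllib.parse.urlencode(
        {"client_id": client_id.strip(), "client_secret": secret.strip()}
    ).encode()
    return urllib.request.Request(
        f"https://{host}/oauth2/token",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def credentials_work(base_url, client_id, secret, opener=urllib.request.urlopen):
    """Return True if a token is issued; the token itself is discarded, never printed."""
    request = build_token_request(base_url, client_id, secret)
    try:
        with opener(request, timeout=15) as response:
            return bool(json.load(response).get("access_token"))
    except urllib.error.HTTPError:  # non-2xx response, e.g. rejected credentials
        return False


if __name__ == "__main__":
    # Hypothetical variable names; the Secret is prompted for so it stays out of shell history.
    ok = credentials_work(os.environ["FALCON_BASE_URL"], os.environ["FALCON_CLIENT_ID"],
                          getpass.getpass("Secret: "))
    print("API client accepted" if ok else "API client rejected")
```

A successful result confirms only that the Client ID, Secret, and Base URL belong together; it does not show which API scopes the client was granted.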

Liongard Inspector Setup

Step 1: Parent Inspector Setup

Since CrowdStrike EDR is a multi-tenant system where a single portal is used to manage multiple environments, we will set up a single Parent Inspector with the API Key that will then auto-discover Child Inspectors for each environment.

In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the CrowdStrike EDR Inspector > Select Add System.

Fill in the following information:

  • Type of Inspector: Parent
  • Environment: Select your MSP Environment.
  • Friendly Name: Suggested "Liongard [Environment Name]"
  • Agent: Select the On-Demand agent.
  • Inspector Version: Latest.
  • Base URL: The URL of the CrowdStrike API.
  • Client ID: The API Key that was created from the steps above.
  • Secret: The API Secret that was created from the steps above.
  • Scheduling: The Inspector will default to run once a day when the Inspector is set up. Here, you can adjust the schedule.

Select Save. The Inspector will now be triggered to run within the minute.

Step 2: Child Inspector Setup

After the first run of the Parent Inspector, your client CrowdStrike organizations will be Auto-Discovered in the Discovered Systems tab on the Inspectors > CrowdStrike EDR page.

Navigate to the Discovered Systems tab in your Inspectors > CrowdStrike EDR page.

  • Activate or Archive your Discovered Systems by ensuring they're mapped to the correct Environment. Check the checkbox to the left of Inspector(s), select the Actions drop-down menu and select Activate Launchpoints.