CrowdStrike

Generate API credentials in CrowdStrike

Note: To define a CrowdStrike API client, you must be designated as Falcon Administrator role to view, create, or modify API clients or keys. Secrets are only shown when a new API Client is created or when it is reset.

• When logged into the Falcon UI, navigate to Support > API Clients and Keys.

• When you click “Add new API Client” you will be prompted to give a descriptive name and select the appropriate API scopes: user management:read

• After you click save, you will be presented with the Client ID and Client Secret.

• API hostname will be api.crowdstrike.com by default but also support different sub-domain like https://api.us-2.crowdstrike.com

Note: The secret will only be shown once and should be stored in a secure place. If the Client Secret is lost, a reset must be performed and any applications relying on the Client Secret will need to be updated with the new credentials.

Setup CrowdStrike Application API Integration on Zilla

1. Visit the Zilla application and login using your admin credentials and then click on Add Application in the top right.

Open

2. A window with a search bar appears, type in CrowdStrike in the search bar and hit enter. CrowdStrike app entry will appear at the top of the list, click Add to Applications button to the right.

Open

3. Fill in the form with appropriate details and then click Add to Applications.

Open

4. The CrowdStrike app will be added to the Applications tab. Click on CrowdStrike in Application column.

Open

5. A detailed view of CrowdStrike application appears. Click Sync now in top right corner.

Open

6. Enable API Integration. Enter the API hostname, API client ID and API client secret obtained above into the respective text boxes and click Sync Now/Next.

Open

7. Click Next and the sync will begin, then click Done.

Open

Open

8. Successful sync will pop up with Sync Summary.