CrowdStrike Falcon Endpoint Protection Actions

Actions for CrowdStrike Falcon Endpoint Protection #

Send Data to CrowdStrike Falcon Endpoint Protection. Sends a custom set of Lucidum data to CrowdStrike Falcon Endpoint Protection.

Use Cases #

Below are the possible use cases for these actions:

If you want to run Lucidum “headless”, you can send relevant data to CrowdStrike Falcon Endpoint Protection on a regular schedule.
You can send normalized, enriched Lucidum data to CrowdStrike Falcon Endpoint Protection to be indexed, searched, and analyzed.

Prerequisites #

To execute CrowdStrike Falcon Endpoint Protection actions, you must

Configure a CrowdStrike Falcon Endpoint Protection API connection beforehand. The required parameters are described in the instructions for creating a CrowdStrike Falcon Endpoint Protection connector in Lucidum https://lucidum.io/docs/crowdstrike-falcon-endpoint-protection-platform/.

NOTE. The specified account should have read and write permissions.

Workflows #

CrowdStrike Falcon Endpoint Protection Configuration #

To create a configuration for CrowdStrike Falcon Endpoint Protection? actions:

crowdstrike_falcon_endpoint_protection_configuration_2.png

Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
URL. The URL for the CrowdStrike API. By default, this value is https://api.crowdstrike.com. Other possible values are:
- For legacy CrowdStrike API: https://falconapi.crowdstrike.com.
- Alternate URL for the current API: https://api.us-2.crowdstrike.com.
Client ID. For the current version of the CrowdStrike API, enter the API Client ID. For previous versions of the CrowdStrike API, enter the user name.
API Secret. For current versions of the CrowdStrike API, enter the API Secret. For previous versions of the CrowdStrike API, enter the user API Key.To test the configuration, click Test.
Max # of Records per Payload. The maximum number of records to send to CrowdStrike Falcon Endpoint Protection in each action. The default value is “50”.

Create a New Action #

To create an action for CrowdStrike Falcon Endpoint Protection, contact Lucidum customer care.

Solutions

COMPANY

Resource Library

Ready to Try?

What is Lucidum?

Getting Started with Lucidum

Proxy Server

Managing Users

Connectors

Dashboards

Value-Oriented Dashboards (VODs)

Streamlining Queries with SmartLabels and Tags

Value-Oriented SmartLabels (VOSLs)

Risk

Actions

Use Cases

Viewing Data

Running Headless with Webhooks

Lucidum API v1

Lucidum API v2

Sending Alerts to Slack

Managing Your Lucidum System

CrowdStrike Falcon Endpoint Protection Actions

Actions for CrowdStrike Falcon Endpoint Protection #

Use Cases #

Prerequisites #

Workflows #

CrowdStrike Falcon Endpoint Protection Configuration #

Create a New Action #

What are your Feelings

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library

Solutions

COMPANY

Resource Library

Ready to Try?

Actions for CrowdStrike Falcon Endpoint Protection #

Use Cases #

Prerequisites #

Workflows #

CrowdStrike Falcon Endpoint Protection Configuration #

Create a New Action #

What are your Feelings

Share This Article :

Still stuck? How can we help?

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library