Action Connector: Crowdstrike OAuth2

Configure the action connector for Crowdstrike OAuth2.

Overview

In this guide, you will create new credentials for Crowdstrike OAuth2 in order to enable containment and remediation tasks.

At the end of this configuration, you will provide Radiant Security with these values:

  • Client ID
  • Secret
  • Base URL

Prerequisites

Permissions: Falcon Administrator

License: Falcon Insight

In this guide, you'll onboard the KnowBe4 action connector by completing the following steps:

  • Create credentials for Crowdstrike OAuth2
  • Add the data connector in Radiant Security
  • Add the action connector

Create credentials for Crowdstrike OAuth2

  1. Log in to your CrowdStrike Falcon console as an administrator.

  2. From the upper left corner, click the Menu icon.

  3. Click Support and Resource, then select API Clients and Keys.

  4. Click Add new API client under the OAuth2 API Clients section.

  5. Add the following information:

    1. Name: Radiant Security API Access

    2. Description: Enable Radiant Security to take containment and remediation actions.

    3. Permissions:

      Permission   Read   Write   Use Case
      Detection    X              Endpoint telemetry
      Hosts        X      X       Endpoint telemetry, endpoint device context, endpoint actions
      Incidents    X              Endpoint telemetry
      Indicators   X      X       Endpoint telemetry, endpoint actions

  6. Click ADD.

  7. Copy the Client ID, Secret ID, and Base URL for the next steps.

    • Client ID
    • Client Secret Key
    • Base URL

Important note: Be sure to document and store the Secret carefully, as it cannot be retrieved later.

Add the data connector in Radiant Security

  1. Log in to Radiant Security.
  2. From the navigation menu, select Settings > Data Connector and click + Add Connector.
  3. Select the Crowdstrike OAuth2 vendor from the list and click Data Feeds.
  4. Under Select your data feeds, select SSD and Crowdstrike API and click Credentials.
  5. Under Credential Name, give the credential an identifiable name (e.g. Crowdstrike Credentials).
  6. Under Required Credentials, add the API Base URL and the API Token that you copied from the previous section.
  7. Click Add Connector to save the changes.

Add an action connector

  1. From the navigation menu, select Settings > Action Connectors and click + Add Connector to create a new action connector.
  2. Select the correct vendor from the list.
  3. Confirm that the selected credentials are correct.
  4. Click Add Connector to finish creating the new action connector.

Last updated: 2024-08-23