# Execute Response Actions with Crowdstrike OAuth2

In this guide, you will create new credentials for Crowdstrike OAuth2 in order to enable containment and remediation tasks.

<details>

<summary><i class="fa-bolt-lightning">:bolt-lightning:</i> <mark style="color:red;">Available actions</mark></summary>

The following actions are available after you set up the Crowdstrike OAuth2 action connector. Keep in mind, additional permissions are required.

* Block files
* Isolate device
* Release devices from isolation

</details>

At the end of this configuration, you will provide Radiant Security with these values:

* **Client ID**
* **Secret**
* **Base URL**

### Prerequisites

* [ ] Permissions: Falcon Administrator
* [ ] License: Falcon Insight

### Create credentials for Crowdstrike Oauth

1. Log in to your CrowdStrike Falcon console as an administrator.
2. From the upper left corner, click the **Menu** **icon**.
3. Click **Support and Resource**, then select **API Clients and Keys**.
4. Click **Add new API client** under the **OAuth2 API Clients** section.
5. Add the following information:
   * Name: `Radiant Security API Access`
   * Description: `Enable Radiant Security to take containment and remediation actions.`
   * Permissions:

     <table><thead><tr><th width="123">Permission</th><th width="82">Read</th><th width="78">Write</th><th>Use Case</th></tr></thead><tbody><tr><td>Hosts</td><td>X</td><td>X</td><td>Endpoint telemetry, endpoint device context, endpoint actions</td></tr><tr><td>Indicators</td><td>X</td><td>X</td><td>Endpoint telemetry, endpoint actions</td></tr></tbody></table>
6. Click **Add**.
7. Copy the Client ID, Secret ID, and Base URL for the next steps.
   * `Client ID`
   * `Client Secret Key`
   * `Base URL`\
     \
     ![CS SSD](https://20705827.fs1.hubspotusercontent-na1.net/hubfs/20705827/Knowledge%20Base%20Articles/Action%20Connector%20-%20Crowdstrike%20OAuth2/CS%20SSD.jpg)

{% hint style="warning" %}
**Important note:** Be sure to document and store the **Secret** carefully, as it cannot be retrieved later.
{% endhint %}

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connector** and click **+ Add Connector**.
3. Select the **Crowdstrike OAuth2** vendor from the list and click **Data Feeds.**
4. Under **Select your data feeds,** select **SSD** and **Crowdstrike** **API** and click **Credentials.**
5. Under **Credential Name**, give the credential an identifiable name (e.g.`Crowdstrike Credentials`).
6. Under **Required** **Credentials**, add the **API** **Base** **URL** and the **API Token** that you copied from the previous section.
7. Click **Add Connector** to save the changes.<br>

### Add an action connector

1. From the navigation menu, select **Settings** > **Action Connectors** and click **+ Add Connector** to create a new action connector.
2. Select the correct vendor from the list.
3. Confirm that the selected credentials are correct.
4. Click **Add Connector** to finish creating the new action connector.\ <br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/crowdstrike-oauth2/execute-response-actions-with-crowdstrike-oauth2.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.