CrowdStrike Falcon Spotlight, part of CrowdStrike Falcon® Exposure Management , brings IT and Security teams together and improves visibility by combining CrowdStrike Expert Prediction Rating Artificial Intelligence (ExPRT) data with deployment and management capabilities. Rather than exporting vulnerability data from CrowdStrike Falcon for patching, the integration includes ExPRT ratings from CrowdStrike directly in , so you can prioritize patching preferences according to your organizations requirements and remediate vulnerabilities faster.
Adaptiva and CrowdStrike have integrated CrowdStrike Falcon Spotlight vulnerability metadata with Adaptiva Patch metadata to allow Patch Deployment Bots to deploy patches based on Spotlight vulnerability metadata.
To access CrowdStrike Falcon Spotlight from , you must have a license from CrowdStrike that allows you to access CrowdStrike Falcon.
-
Select Falcon Access Settings in the left navigation menu of the OneSite Patch Dashboard.
This opens the Falcon Access Settings dialog.
-
Enter the Falcon Access Settings. If you do not have these details, see Create a CrowdStrike API Client.
-
Enter the Client ID, Secret, and Base URL in the respective fields of the Falcon Access Settings dialog.
-
Select Save on the upper-left corner of the settings dialog. This populates Roles, Business Units, and vulnerability information in related to the CrowdStrike Client ID.
-
Select Business Units in the left navigation pane of the OneSite Patch Dashboard to verify that your client Business Units and templates exist.
Create a CrowdStrike API Client to generate the client settings needed to access CrowdStrike Falcon Spotlight.
-
Log in to your CrowdStrike Falcon Spotlight dashboard.
-
Select the Stack icon on the upper-left corner of Dashboards and reports.
-
Select Support and resources in the left navigation pane, and then select API clients and keys.
-
Select Create API Client at the upper right.
This opens the Create API Client dialog.
In the CrowdStrike Falcon Spotlight Create API Client dialog, complete the following steps:
-
Enter a Client name, and then enter a Description of the client.
-
Select Read access in the Scope column for each of the following items:
-
Host Groups
-
Vulnerabilities
-
User Management
-
-
Select Create. This opens the API client created response, which contains the details you must enter in the Falcon Spotlight Access Settings.
Important
The details for the API client created screen shows these details only once. Be sure to save this information in a safe location so you can access it later, if needed.
-
Copy and paste the API client created details directly into the fields of the Falcon Spotlight Access Settings dialog in the Adaptiva OneSite Admin Portal.
-
Select Save on the upper-left corner of the settings dialog. This populates Roles, Business Units, and vulnerability information in OneSite Patch related to the CrowdStrike Client ID.
-
Select Business Units in the left navigation pane of the OneSite Patch Dashboard to verify the information to verify availability of your Hosts.
View, create, or modify Administrators and Roles. Changes made here effect all licensed OneSite products.
After integrating CrowdStrike Falcon with , you can view your list of CrowdStrike users and assigned roles for your integrated hosts. To make any changes to Administrators or Roles, you must use the CrowdStrike product.
-
Select on the upper right of the OneSite Admin Portal dashboard.
-
Select Settings > Security > Administrator to open the Settings page with the Administrators tab selected. To open to a different tab, select a different item from the final menu.
-
Select Show All to view existing administrators.
-
Select an Administrators folder from the Administrators tab of Security Settings.
-
Select Show All to list all Administrators in the selected folder.
To make any changes to Administrators, you must use the CrowdStrike Falcon Spotlight product.
-
Select an Administrators folder from the Administrators tab of Security Settings, and then select + NEW to open the new administrator template.
-
Enter the Administrator Details:
-
Select the Admin Type login from the list. Adaptiva recommends Windows Active Directory.
-
Enter the email address and login details for the new administrator.
-
-
Enter the User Details:
-
Add the Name and contact details for the new administrator.
-
Choose country codes from the drop-down lists for phone numbers.
-
-
Assign Direct Roles:
-
Select + Manage Roles.
-
Select one or more roles for the new administrator:
-
High level roles include All Admin Role, Read-only Admin Role, and Super Admin Role.
-
To create additional roles, see Create a New Role.
-
-
Select Manage Roles on the bottom-left corner of the dialog to return to the .
-
-
Select Save at the top left to save the new administrator.
-
Select a Roles folder from the Roles tab of Access Security Settings.
-
Select Show All to list all Roles in the selected folder.
To make any changes to Roles, you must use the CrowdStrike product.
-
Select a Roles folder from the Roles tab of Security Settings, and then select + NEW to open a new Role template.
-
Enter a Role Name and a detailed Role Description in the Role Properties workspace.
-
Add one or more Direct Administrators in the Role Membership section:
-
Select Add Administrators to open the Add Administrators dialog.
-
Select one or more administrators from the table for the new role.
-
Select Add Administrators to return to the Role template.
-
-
Add an existing AD Group (Active Directory):
-
Select Add AD Group to open the Active Directory Group dialog.
-
Enter the the Domain Name and Group Name, and then select Check Group to locate. If it exists, the group name appears in the data table.
-
Select Add AD Group to return to the Role template.
-
-
Select Save at the top left to save the new role:
Comments
0 comments
Article is closed for comments.