Articles in this section

See more

Integrate Falcon Spotlight

Avatar
Tom Gibson
  • Updated
Follow

CrowdStrike, part of CrowdStrike Falcon® Exposure Management, brings IT and Security teams together and improves visibility by combining CrowdStrike Expert Prediction Rating Artificial Intelligence (ExPRT) data with OneSite Patch deployment and management capabilities. Rather than exporting vulnerability data from CrowdStrike Falcon for patching, the integration includes ExPRT ratings from CrowdStrike directly in OneSite Patch, so you can prioritize patching preferences according to your organizations requirements and remediate vulnerabilities faster.

Using Falcon Spotlight in OneSite Patch

Adaptiva and CrowdStrike Falcon® Exposure Management have integrated CrowdStrike vulnerability metadata with Adaptiva Patch metadata to allow Patch Deployment Bots to deploy patches based on Spotlight vulnerability metadata.

To access CrowdStrike from OneSite Patch, you must have a license from CrowdStrike that allows you to access CrowdStrike Falcon.

Access Falcon Spotlight

  1. Select Falcon Access Settings in the left navigation menu of the OneSite Patch Dashboard.

    OSP-Ent-CRWD-CrowdStrikeFalconMenu.png

    This opens the Falcon Access Settings dialog.

    OSP-Ent-CRWD-EnterFalconSettings.png

  2. Enter the Falcon Access Settings. If you do not have these details, see Create a CrowdStrike API Client.

Enter the Falcon Access Setting Details

  1. Enter the Client ID, Secret, and Base URL in the respective fields of the Falcon Access Settings dialog.

    OSP-CRWD-INT-falconaccesssettings.png

  2. Select Save on the upper-left corner of the settings dialog. This populates Roles, Business Units, and vulnerability information in OneSite Patch related to the CrowdStrike Client ID.

  3. Select Business Units in the left navigation pane of the OneSite Patch Dashboard to verify that your client Business Units and templates exist.

Create a CrowdStrike API Client

Create a CrowdStrike API Client to generate the client settings needed to access CrowdStrike.

  1. Log in to your CrowdStrike Falcon Spotlight dashboard.

  2. Select the Stack icon on the upper-left of Dashboards and reports.

    OSP-Ent-CRWD-FalconDashboardStack.png

  3. Select Support and resources in the left navigation pane, and then select API clients and keys.

    OSP-Ent-CRWD-FalconDashboardSelections.png

  4. Select Create API Client at the upper right.

    OSP-Ent-CRWD-CreateFalconAPIclient.png

    This opens the Create API Client dialog.

    OSP-Ent-CRWD-ConfigFalconAPIclient.png

Set Client Details

In the CrowdStrike Falcon Spotlight Create API Client dialog, complete the following steps:

  1. Enter a Client name, and then enter a Description of the client.

  2. Select Read access in the Scope column for each of the following items:

    • Host Groups: A collection of devices that Adaptiva retrieves from CrowdStrike and uses to create business units.

    • Vulnerabilities: A list of defined vulnerabilities (trigger properties) that Adaptiva retrieves from CrowdStrike. Adaptiva utilizes these properties to set automation, such as scheduling based on ExPRT.AI ratings.

    • User Management: The OneSite Platform retrieves and adds CrowdStrike users and roles to the platform. The system automatically adds all users to the read-only, All Admins role.

      Important

      There is a built-in Approval Chain for the All Admins role, and users with this role will receive approval requests if this chain is assigned to a strategy.

  3. Select Create. This opens the API client created response, which contains the details you must enter in the Falcon Spotlight Access Settings.

    OSP-CRWD-INT-apiclientcreated.png

    Important

    The details for the API client created screen show these details only once. Be sure to save this information in a safe location so you can access it later, if needed.

  4. Copy and paste the API client created details directly into the fields of the Falcon Spotlight Access Settings dialog in the Adaptiva OneSite Admin Portal.

    OSP-CRWD-INT-falconaccesssettings.png

  5. Select Save on the upper-left of the settings dialog. This populates Roles, Business Units, and vulnerability information in OneSite Patch related to the CrowdStrike Client ID.

  6. Select Business Units in the left navigation pane of the OneSite Patch Dashboard to verify the availability of your Hosts.

Security

View, create, or modify Administrators and Roles, enable OIDC or SAML providers, and assign permissions to Roles. Changes made here affect all licensed OneSite products. How to assign Class Permissions to a role is coming soon.

You can view your list of CrowdStrike users and their assigned roles.

Access Security Settings

  1. Select OS-AP-GearIcon.png on the upper-right of the Admin Portal dashboard.

  2. Open the Settings page with the Administrators tab selected to manage accounts, roles, OIDC Providers, SAML Providers, and Class Permissions.

View Administrators

View Roles

Related articles

Comments

0 comments

Article is closed for comments.