CrowdStrike Falcon Discover
App Vendor: CrowdStrike
App Category: Analytics & SIEM
Connector Version: 1.0.0
API Version: v1
About App
For IT and security teams who need to identify and track computers and applications on their network, CrowdStrike Falcon Discover is the CrowdStrike IT hygiene solution. CrowdStrike Falcon Discover monitors and inventories systems, application usage, and user account usage in real time.
The CrowdStrike Falcon Discover app is configured with Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Generic Action | This is a generic action to perform any additional use case on CrowdStrike Falcon Discover. |
Get Asset Details | This action retrieves the details of an asset. |
Search Assets | This action allows the user to search for assets. |
Configuration Parameters
The following configuration parameters are required for the CrowdStrike Falcon Discover app to communicate with the CrowdStrike Falcon Discover enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to connect to the CrowdStrike Falcon Discover application. | Text | Required | |
Client ID | Enter the client ID to authenticate the client. | Text | Required | |
Client Secret Key | Enter the client secret key to authenticate the client. | Password | Required | |
Verify | Choose whether to perform certificate verification for SSL connections. | Boolean | Optional | Default value: false. Allowed values: |
Action: Generic Action
This is a generic action to perform any additional use case that you want on CrowdStrike Falcon Discover.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Endpoint | Enter the endpoint. Example: "discover/queries/hosts/v1" | Text | Required | |
Method | Enter the HTTP method. Example: | Text | Required | |
Payload | Enter the payload. Example: {"Action": "Retrieving the asset details"} | Key Value | Optional | |
Query Params | Enter the query parameters to filter results. Example: {"limit": 100} | Key Value | Optional | |
Example Request
[ { "method":"GET", "payload":{"Action":"Retrieving the asset details"}, "endpoint":"discover/queries/hosts/v1", "query_params": {"limit": 100} } ]
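A pre-flight check for the instance settings and the Generic Action request documented above, as an added example that is not part of the connector or of CrowdStrike's code. The policy (read-only `GET` under `discover/`), the function names and the `api.example.invalid` host are assumptions for illustration; how the connector itself joins the Base URL and the endpoint is not stated on this page.

```python
from urllib.parse import urlencode, urlsplit

# Assumed policy (not from the connector): read-only calls under discover/ only.
ALLOWED_METHODS = {"GET"}
ALLOWED_PREFIXES = ("discover/",)

def lint_instance(base_url, verify):
    """Findings for the instance's Base URL and Verify settings."""
    findings = []
    if urlsplit(base_url).scheme != "https":
        findings.append("base URL is not https")
    if verify is not True:  # the documented default for Verify is false
        findings.append("certificate verification is off")
    return findings

def lint_request(req):
    """Findings for one Generic Action request object."""
    findings = []
    endpoint = req.get("endpoint", "")
    parts = urlsplit(endpoint)
    # The endpoint must stay a path relative to the configured Base URL,
    # so authenticated calls only ever go to that host.
    if parts.scheme or parts.netloc or endpoint.startswith("/"):
        findings.append("endpoint must be a relative path")
    if ".." in endpoint.split("/"):
        findings.append("endpoint contains a parent-directory segment")
    if not endpoint.startswith(ALLOWED_PREFIXES):
        findings.append("endpoint outside allowed prefixes")
    if req.get("method", "").upper() not in ALLOWED_METHODS:
        findings.append("method not allowed by policy")
    return findings

def build_url(base_url, req):
    """Join Base URL, endpoint and query parameters once linting passes."""
    problems = lint_request(req)
    if problems:
        raise ValueError("request rejected: " + "; ".join(problems))
    url = base_url.rstrip("/") + "/" + req["endpoint"]
    query = urlencode(req.get("query_params") or {})
    return url + ("?" + query if query else "")

# The page's example request, then two constructed requests that get flagged.
PAGE_EXAMPLE = {"method": "GET", "payload": {"Action": "Retrieving the asset details"},
                "endpoint": "discover/queries/hosts/v1", "query_params": {"limit": 100}}
CONSTRUCTED_BAD = [
    {"method": "GET", "endpoint": "//collector.example.net/discover/queries/hosts/v1"},
    {"method": "DELETE", "endpoint": "discover/../other/v1"},
]
```

Widen `ALLOWED_METHODS` and `ALLOWED_PREFIXES` only for the use cases a playbook actually needs.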
Action: Get Asset Details
This action retrieves the details of an asset.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Asset ID | Enter the asset ID to retrieve the details of an asset. Example: "5c4a1e9ffc24464a9776c61afxx569a2_3910037191xx611592" | Text | Required | |
Example Request
[ { "id":"5c4a1e9ffc24464a9776c61afxx569a2_3910037191xx611592" } ]
Action: Search Assets
This action searches for assets.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Last Seen Timestamp | Enter the last seen timestamp of an asset. Example: "2020-06-16t11:58:12z" | Text | Optional | |
Entity Type | Enter the entity type. Example: | Text | Optional | All |
Limit | Enter the limit to retrieve a number of assets. Example: 40 | Integer | Optional | Default value: 100 |
Offset | Enter the offset value for pagination. Example: 0 | Integer | Optional | Allowed values: |
Platform Name | Enter the platform name. Example: | Text | Optional | |
OS Version | Enter the operating system (OS) version. Example: | Text | Optional | |
Extra Params | Enter the extra parameters. | Key Value | Optional | Allowed keys: |
Example Request
[ { "last_seen_timestamp":"2020-06-16t11:58:12z", "limit":10, "offset":0, "platform_name":"Windows", "os_version":"Windows Server 2008 R2" } ]