# CrowdStrike

## Usage

The CrowdStrike block-type response integration uses CrowdStrike's threat intelligence and response capabilities to automate identifying and blocking malicious activity in real time. Whether the goal is stopping a known malware attack or preventing suspicious IP addresses from accessing sensitive resources, the integration provides a streamlined way to enforce security policies and respond to threats.

## Prerequisites

Before configuring the CrowdStrike block-type response integration in Netography, you need an API client set up in CrowdStrike.

### Create an API Client

1. Within your CrowdStrike portal, go to **support and resources**, then select **API clients and keys**.

   ![](/files/6BjKGyJDC98spprIvfjQ)
2. Enter a name and description for your Netography CrowdStrike response integration. Ensure that **Read** and **Write** are checked for the Hosts API scope as shown below, then click **ADD** to create the API client.

   ![](/files/ESolWAFAfcKm8Cn3XxHN)
3. Once created, copy the `CLIENT ID`, `SECRET`, and `BASE URL`. These values will be used to configure the CrowdStrike response integration in Netography.

   ![](/files/X8y5uVF6V3T0m3cMgxdM)
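Before entering the copied values in Netography, the new API client can be checked directly against the CrowdStrike API. The following Python script is an added example, not part of the Netography or CrowdStrike documentation. It assumes CrowdStrike's OAuth2 token endpoint (`/oauth2/token`) and Hosts query endpoint (`/devices/queries/devices/v1`), and the environment variable names `CS_BASE_URL`, `CS_CLIENT_ID` and `CS_CLIENT_SECRET` are hypothetical.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def _call(req, send):
    """Send a request; return (HTTP status, parsed JSON body or {})."""
    try:
        with send(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


def check_api_client(base_url, client_id, secret, send=urllib.request.urlopen):
    """Return 'ok', 'bad-credentials' or 'missing-hosts-read'."""
    base = base_url.rstrip("/")
    if not base.startswith("https://"):
        raise ValueError("BASE URL must use https")
    # OAuth2 client-credentials request; the secret travels in the POST body.
    form = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": secret}).encode()
    token_req = urllib.request.Request(base + "/oauth2/token", data=form)
    status, body = _call(token_req, send)
    if status not in (200, 201) or "access_token" not in body:
        return "bad-credentials"
    # One read-only Hosts query proves the Read scope. Write is not exercised.
    probe = urllib.request.Request(
        base + "/devices/queries/devices/v1?limit=1",
        headers={"Authorization": "Bearer " + body["access_token"]})
    status, _ = _call(probe, send)
    return "ok" if status == 200 else "missing-hosts-read"


if __name__ == "__main__":
    # Assumed variable names; keep the secret out of shell history and argv.
    print(check_api_client(os.environ["CS_BASE_URL"],
                           os.environ["CS_CLIENT_ID"],
                           os.environ["CS_CLIENT_SECRET"]))
```

The check confirms only that the credentials are valid and that the Hosts **Read** scope is granted; the **Write** scope is not tested because doing so would require changing a host.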

## Netography Portal Steps

In **Settings > Response Integrations**, click **Add Integration**, then select **Crowdstrike**.

![](/files/14yVHmbZdw9VOC7aKsXa)

### Configuration

The following fields are specific to the CrowdStrike integration.

| Field        | Type    | Required | Description                                        | Examples |
| ------------ | ------- | -------- | -------------------------------------------------- | -------- |
| `API URL`    | string  | yes      | The CrowdStrike `BASE URL`                         |          |
| `Factors`    | string  | yes      | Additional information regarding the integration   | srcip    |
| `Expiration` | integer |          | Number of seconds the blocklist will remain active |          |
| `Max`        | integer |          | Limit on number of blocks                          | 1000     |

### Authentication

The following fields are necessary for the integration to authenticate with CrowdStrike.

| Field           | Required | Description                 |
| --------------- | -------- | --------------------------- |
| `Client ID`     | yes      | The CrowdStrike `CLIENT ID` |
| `Client Secret` | yes      | The CrowdStrike `SECRET`    |

