Apps
Crowdstrike Falcon Spotlight

Interpres Application - Crowdstrike Falcon Spotlight

  • Type: Vulnerability
  • Vendor: Crowdstrike

The Crowdstrike Spotlight App Returns Hosts and Vulnerabilities as seen by Crowdstrike.

Vendor setup

  1. Go to Support and Resources then API clients and keys
Document image

  1. Click Create API client
  2. For Client name enter “Interpres”
  3. Add the below Scopes as with the “Read” permission
Text

  1. Click Create
Document image

  1. Copy the Client ID, Secret, and Base URL to Interpres. If setting up more than one CrowdStrike integration (e.g. CrowdStrike Falcon EDR and CrowdStrike Spotlight) then do not click Done until you have used these credentials for both integrations.
Document image


App Configuration

App Parameters:

  • Base URL: the base url for the api this should just be scheme + host e.g. https://api.us-2.crowdstrike.com
  • Client ID: The API Client ID created
  • Client Secret: The API Client ID created
  • asset_last_seen_days: This is a number of days you would like to include assets if they have checked in within that period

App Validation

Check there is connectivity (green light) in the integration created.

Implemented Actions

  • Get Assets: Returns a list of assets.
  • Get Vulnerabilities: Gets a list of hosts and their active CVEs.



Did this page help you?
PREVIOUS
Interpres Application - Crowdstrike Falcon
NEXT
Interpres Application - CyCraft-Xensor
Docs powered by Archbee