Configuring CrowdStrike Insight to communicate with the QRadar platform

To send alerts from CrowdStrike Falcon Insight® to the QRadar® platform, you must have Falcon administrator privileges to generate API credentials.

About this task

Before you can add a data source in the QRadar platform, you need to obtain a Client ID, Client Secret key and Base URL from CrowdStrike Falcon.

Procedure

  1. Log in to your CrowdStrike Falcon.
  2. From the Falcon menu, go to the Support section.
  3. Click API Clients and Keys > Add new API client.
  4. In the API SCOPES section, select Detections streams.
  5. Select the Read option.
  6. To save your changes, click Add.
  7. Record the Client ID, Client Secret, and Base URL values. You need these values when you configure the data source.

What to do next

Add a CrowdStrike Falcon Insight data source that uses the Universal Cloud REST API connector. For more information about adding a data source, see Adding ingestion data sources.