Configuring CrowdStrike Insight to communicate with the QRadar platform
To send alerts from CrowdStrike Falcon Insight® to the QRadar® platform, you must have Falcon administrator privileges to generate API credentials.
About this task
Procedure
- Log in to your CrowdStrike Falcon.
- From the Falcon menu, go to the Support section.
- Click .
- In the API SCOPES section, select Detections streams.
- Select the Read option.
- To save your changes, click Add.
- Record the Client ID, Client Secret, and Base URL values. You need these values when you configure the data source.
What to do next
Add a CrowdStrike Falcon Insight data source that uses the Universal Cloud REST API connector. For more information about adding a data source, see Adding ingestion data sources.