CrowdStrike

The Dropzone AI platform integrates with the CrowdStrike APIs. This document describes how to set up API credentials and install them into the Dropzone platform.

Integration Overview

To enable these integrations you will perform the following actions:

• Create API credentials in the CrowdStrike dashboard

• Install the credentials into your Dropzone tenant (Data Source and Alert Source)

• Select integration parameters, such as which alert types to sync

Create an API Key

• As an Admin, go to your CrowdStrike dashboard, e.g. https://falcon.us-#.crowdstrike.com/

• From the menu in the upper left, navigate to Support and Resources > API clients and keys

• On the right, click "Create API Client"

• On the "Create API Client" page, input "Dropzone AI" in the client name field. Under "Description," write "Dropzone AI Integration Key"

• Enable the following scopes:

• When done, click "Create"

• Copy the Client ID and Secret for use later in the Dropzone UI where they are called "Client ID" and "Client Secret" respectively

Enable Crowdstrike

The Data source integration allows Dropzone AI to interact with your CrowdStrike environment to gather information for use in investigation analysis and interactive chat.

You'll need the following information:

To enable the Data Source integration, do the following:

• Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app

• In the bottom left hand corner, navigate to Settings > Integrations

• Click "Available"

• In the Search bar, search CrowdStrike, then click "Configure"

• Under the Data Source header, input the Client ID and Client Secret

• Check the boxes to enable Crowdstrike's Identity Protection and Next-Gen SIEM services

• Click "Test & Save" to finish

If you have any errors engage your Dropzone AI support representative.