# Crowdstrike

## CrowdStrike

The CrowdStrike Remediator integration allows Dropzone AI to perform automated containment actions during investigations. See the [Remediator](/integrations/remediator.md) documentation for more information.

### Integration Overview

To enable these integrations you will perform the following actions:

* Create API credentials in the CrowdStrike dashboard
* Install the credentials into your Dropzone tenant
* Select integration parameters, such as which alert types to sync

See the [CrowdStrike Data Source](https://docs.dropzone.ai/integrations/data/crowdstrike_data) page for instructions on how to complete these actions.

If you have already configured the Data Source integration, you will need to reconfigure it with the following additional remediator scopes:

| Scope                      | Read | Write | Used By    |
| -------------------------- | ---- | ----- | ---------- |
| `Hosts`                    | ✓    | ✓     | Remediator |
| `Indicators of Compromise` | ✓    | ✓     | Remediator |

## Enable CrowdStrike

To enable the Remediator integration, do the following:

* Navigate to your Dropzone AI tenant home page e.g. https\://*mycompany*.dropzone.app
* In the bottom left hand corner, navigate to Settings > Integrations

<figure><img src="/files/zN02u3HObDaemUY8E1kD" alt=""><figcaption><p>Integrations Dropdown</p></figcaption></figure>

* Click "Available" (or, if already integrated, click "Connected")

<figure><img src="/files/brI7n2Ux40Tk0jTwBCVh" alt=""><figcaption><p>Click Available</p></figcaption></figure>

* In the Search bar, search Crowdstrike, then click "Configure"
* Under the Remediator header, input the Client ID and Client Secret
  * If you use a non-default URL for the CrowdStrike API, configure the API Base URL as well

<figure><img src="/files/P6QBzGy75jqPsSrATodG" alt=""><figcaption><p>The Crowdstrike Remediator Configuration (pt 1)</p></figcaption></figure>

* In the "Available Containment Actions" section, check the Containment Actions you want to enable Dropzone to perform

<figure><img src="/files/pl41XyKEAS7CK1sdUY4R" alt=""><figcaption><p>The Crowdstrike Remediator Configuration (pt 2)</p></figcaption></figure>

* Click "Test & Save" to finish

{% hint style="warning" %}
Dropzone does not test that your permissions have been configured correctly when running Remediator Containment Actions. Be sure to double check that your configuration is correct and up to date.
{% endhint %}

If you have any errors engage your Dropzone AI support representative.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.dropzone.ai/integrations/remediator/crowdstrike_remediator.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.