The CrowdStrike Remediator integration allows Dropzone AI to perform automated containment actions during investigations. See the Remediator documentation for more information.
Integration Overview
To enable these integrations you will perform the following actions:
Create API credentials in the CrowdStrike dashboard
Install the credentials into your Dropzone tenant
Select integration parameters, such as which alert types to sync
If you have already configured the Data Source integration, you will need to reconfigure it with the following additional remediator scopes:
Scope
Read
Write
Used By
Hosts
✓
✓
Remediator
Indicators of Compromise
✓
✓
Remediator
Enable CrowdStrike
To enable the Remediator integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app
In the bottom left hand corner, navigate to Settings > Integrations
Integrations Dropdown
Click "Available" (or, if already integrated, click "Connected")
Click Available
In the Search bar, search Crowdstrike, then click "Configure"
Under the Remediator header, input the Client ID and Client Secret
If you use a non-default URL for the CrowdStrike API, configure the API Base URL as well
The Crowdstrike Remediator Configuration (pt 1)
In the "Available Containment Actions" section, check the Containment Actions you want to enable Dropzone to perform
The Crowdstrike Remediator Configuration (pt 2)
Click "Test & Save" to finish
Dropzone does not test that your permissions have been configured correctly when running Remediator Containment Actions. Be sure to double check that your configuration is correct and up to date.
If you have any errors engage your Dropzone AI support representative.
