CrowdStrike

1. Login to your CrowdStrike Falcon interface as an administrative user
2. Select the Falcon Menu, select Support, then select API Clients and Keys
3. Select "Add new API client"
4. Enter a client name and description
   1. Client name: Cork - Read Only
   2. Description: API connection for corkinc.com
5. Select Read for the following scopes:
   1. Detects
   2. Hosts
   3. User Management
   4. Flight Control (MSSP)
6. Save the values for API URL, Client ID, and Client Secret
7. Navigate to the Integrations page in Cork and find CrowdStrike under EDR
8. Select the correct API region:
   1. US-1 maps to api.crowdstrike.com
   2. US-2 maps to api.us-2.crowdstrike.com
   3. EU-1 maps to api.eu-1.crowdstrike.com
   4. US-GOV-1 maps to api.laggar.gcw.crowdstrike.com
   5. US-GOV-2 maps to api.us-gov-2.crowdstrike.mil
9. Press "Connect and Continue"

NOTE: Due to the limitations of CrowdStrike's API we can only get information on your child tenants, however, we can get the CID of your tenant and that will show up as "Internal" when mapping clients.