CrowdStrike

1. Login to your CrowdStrike Falcon interface as an administrative user
2. Select the Falcon Menu, select Support, then select API Clients and Keys
3. Select "Add new API client"
4. Enter a client name and description
   1. Client name: Cork - Read Only
   2. Description: API connection for corkinc.com
5. Select Read for the following scopes:
   1. Detects
   2. Hosts
   3. User Management
   4. Flight Control (MSSP)
6. Save the values for API URL, Client ID, and Client Secret
7. Navigate to the Integrations page in Cork and find CrowdStrike under EDR
8. Select the correct API region:
   1. US-1 maps to api.crowdstrike.com
   2. US-2 maps to api.us-2.crowdstrike.com
   3. EU-1 maps to api.eu-1.crowdstrike.com
   4. US-GOV-1 maps to api.laggar.gcw.crowdstrike.com
   5. US-GOV-2 maps to api.us-gov-2.crowdstrike.mil
9. Press "Connect and Continue"

NOTE: Due to the limitations of CrowdStrike's API we can only get information on your child tenants, however, we can get the CID of your tenant and that will show up as "Internal" when mapping clients.

Enabling Cork Protection API Integration with CrowdStrike Falcon Using IP Allowlist Management

Some CrowdStrike Falcon configurations restrict access by IP. If your setup uses IP restrictions, you must add Cork’s NAT IP address to the allowlist.

1. Navigate to IP Allowlist Management: Go to "Host setup and management" then select "IP Allowlist Management."
   • Click “Create IP group” if needed.
   • Enter a descriptive group name for allowed Cork outbound connections (e.g., “Cork Protection Outbound”) .
2. Add Cork Protection NAT IP:
   1. In the new or existing IP group, add the following NAT IP address:

      34.237.46.79

   2. Save and confirm that this IP appears in your allowed list .