Three pieces of information are needed to configure the CrowdStrike integration via the CLI:
crowdstrikeBaseUrl: The URL of the CrowdStrike instance (e.g. https://mycompany.crowdstrike.com)
crowdstrikeClientId: The Client ID for connecting to CrowdStrike
crowdstrikeClientSecret: The Client Secret corresponding to the Client ID
Get the CrowdStrike URL and paste it into the crowdstrikeBaseUrl field in init.yaml.
Create a service account within CrowdStrike and add its Client ID and Client Secret to the corresponding fields in init.yaml. Once this is complete, the CrowdStrike integration is ready to use with the RegScale CLI.
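Because init.yaml now holds an API client secret, a pre-flight check before the first sync is useful. The script below is an added example, not part of the RegScale CLI: the function names are hypothetical, it assumes the three keys appear as flat top-level "key: value" lines in init.yaml, and the HTTPS and file-permission checks are suggested hardening rather than documented RegScale requirements.

```shell
#!/bin/sh
# Added example: pre-flight check for the CrowdStrike fields in init.yaml.
# Assumption: the keys are flat, top-level "key: value" lines.

# Print the value of a top-level key, with surrounding quotes stripped.
yaml_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 if the file passes every check; otherwise print each problem
# and return 1.
check_crowdstrike_config() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    for key in crowdstrikeBaseUrl crowdstrikeClientId crowdstrikeClientSecret; do
        if [ -z "$(yaml_value "$file" "$key")" ]; then
            echo "$key is missing or empty"
            rc=1
        fi
    done

    # The client credentials are sent to this URL, so require TLS.
    case $(yaml_value "$file" crowdstrikeBaseUrl) in
        https://?*) ;;
        "") ;;  # already reported by the loop above
        *) echo "crowdstrikeBaseUrl must start with https://"; rc=1 ;;
    esac

    # init.yaml holds the client secret: flag group- or world-readable files.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$file is readable by group or others; run: chmod 600 $file"
        rc=1
    fi
    return $rc
}

# Usage: sh check_init.sh init.yaml
if [ $# -gt 0 ]; then
    check_crowdstrike_config "$1"
fi
```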
Open your terminal.
Type the following command to initiate the login process:
You will be prompted to enter your username:
Username: [Your RegScale Username]
Next, you will be prompted to enter your password:
Password: [Your RegScale Password]
If the login is successful, you will see a message confirming that you are logged in.
To sync incidents from CrowdStrike, use the following command:
regscale crowdstrike sync_incidents --regscale_id 1 --regscale_module securityplans
--regscale_id: The ID of the RegScale module you want to associate these incidents with; the example above uses an SSP.
--regscale_module: The module in RegScale that the incidents will be associated with.
Wait for the process to complete. You will see a message confirming the successful import of incidents.