CrowdStrike
This page describes connecting your CrowdStrike instance to RegScale, which allows you to sync incidents and associate them with your SSP.
init.yaml Configuration
Several pieces of information are needed to configure the CrowdStrike integration via the CLI:
- crowdstrikeBaseUrl: The URL of the CrowdStrike instance (e.g. https://mycompany.crowdstrike.com)
- crowdstrikeClientId: The Client ID for connecting to CrowdStrike
- crowdstrikeClientSecret: The Client Secret corresponding to the Client ID
Get the CrowdStrike URL and paste it into the crowdstrikeBaseUrl field in init.yaml.
Create a service account within CrowdStrike and add your Client ID and Client Secret to the corresponding fields in init.yaml. Once this is complete, the CrowdStrike integration is ready to use with the RegScale CLI.
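A pre-flight check for the three fields above, as an added example that is not part of the RegScale CLI or its documentation: it confirms each field is set, requires an https base URL, and flags a file that group or other users can read, since init.yaml holds the Client Secret in clear text. It assumes the keys are top-level "key: value" lines in init.yaml; the function names yaml_value and check_init_yaml are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the CrowdStrike fields in init.yaml.
# Assumption: the three keys are top-level "key: value" lines in init.yaml.

# Print the value of a top-level key, with surrounding spaces and quotes stripped.
yaml_value() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 when the file is ready for the regscale crowdstrike commands, 1 otherwise.
check_init_yaml() {
    file=${1:-init.yaml}
    problems=0
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }

    for key in crowdstrikeBaseUrl crowdstrikeClientId crowdstrikeClientSecret; do
        if [ -z "$(yaml_value "$key" "$file")" ]; then
            echo "$key is not set in $file" >&2
            problems=1
        fi
    done

    # The client credentials are sent to this URL, so require TLS.
    case "$(yaml_value crowdstrikeBaseUrl "$file")" in
        https://?*) ;;
        *) echo "crowdstrikeBaseUrl must start with https://" >&2; problems=1 ;;
    esac

    # init.yaml holds the client secret in clear text: owner-only access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file is accessible to group/other; run: chmod 600 $file" >&2
        problems=1
    fi
    return "$problems"
}
```

Source the script and run check_init_yaml init.yaml before the sync commands; each problem is reported on stderr and the exit status is non-zero if any were found.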
Logging In
- Open your terminal.
- Type the following command to initiate the login process:
    regscale login
- You will be prompted to enter your username:
    Username: [Your RegScale Username]
- Next, you will be prompted to enter your password:
    Password: [Your RegScale Password]
- If the login is successful, you will see a message confirming that you are logged in.
Syncing CrowdStrike Incidents
- To sync incidents from CrowdStrike, use the following command:
    regscale crowdstrike sync_incidents --regscale_id 1 --regscale_module securityplans
    --regscale_id: The ID of the RegScale module you want to associate these incidents with; in the example, an SSP.
    --regscale_module: The module in RegScale with which the incidents will be associated.
- Wait for the process to complete. You will see a message confirming the successful import of incidents.
Syncing CrowdStrike Compliance Status
- To sync compliance status from CrowdStrike, use the following command:
    regscale crowdstrike sync_compliance --ssp_id 1 --catalog_id 1 --framework NIST800-53R5
    --ssp_id: The ID of the RegScale security plan with which you want to associate the compliance.
    --catalog_id: The ID of the RegScale catalog to use for the sync.
    --framework: The controls framework to match: either NIST800-53R5 (NIST SP-800-53 rev 5) or CSF (NIST Cybersecurity Framework).
- Wait for the process to complete. You will see a message confirming the successful import of compliance.