Netskope Help

Configure the CrowdStrike Plugin in Threat Exchange

You will need the CrowdStrike API Client Base URL, Client ID, and Client Secret to complete this configuration.

  1. In Cloud Exchange, go to Settings and click Plugins.

  2. Select the CrowdStrike box to open the plugin creation pages.

  3. Enter and select the Basic Information on the first page:

    • Configuration Name: Enter a name appropriate for your integration.

    • Filter Query: Leave the default.

    • Age of Indicators: Leave the default.

    • Poll Interval: Adjust to environment needs. We recommend not to go below 5 minutes for production environments.

    • Aging Criteria: Leave the default.

  4. Click Next.

  5. Enter and select the Configuration Parameters on the second page:

    • Base URL: From the CrowdStrike API Client you created previously. Should be the default for most use cases.

    • Client ID: From the CrowdStrike API Client you created previously.

    • Client Secret: From the CrowdStrike API Client you created previously.

    • Enable Polling: Leave the default.

    • Type of Threat data to pull: Select Malware.

    • Initial Range: Set an appropriate for your use case. The default is 7 days of past detections.

    • Indicator Batch Size: Leave the default.

    • CrowdStrike Share Level: Leave the default.

    • CrowdStrike Detect Policy: Leave the default.

    • IoC Source: Adjust appropriately. The default works for most scenarios.

  6. Click Save in the top right. Go to Threat Exchange > Plugins to see your new CrowdStrike plugin.