Integrating Permissions
This document describes integrating the Rezonate product with CrowdStrike Falcon, which provides observability into on-premise hosts, users, and CrowdStrike detection data.
Integrate through Webhook
Note: To integrate, perform the following actions after authenticating to CrowdStrike as a Falcon Administrator.
Click "Add Configuration" and configure the following:
Name: Rezonate Webhook
Webhook URL: {Url Received From Rezonate}
HMAC Secret Key: {HMAC Received from Rezonate}
Signature Header Name: Keep the default value (X-Cs-Primary-Signature)
Save configuration
Click Create workflow
Click Create Workflow from scratch on the new page and then click Next.
Click on "Add action".
Choose "Call webhook".
In the Webhook name, choose the new "Rezonate Webhook".
In data to include, choose the following data points:
Alert ID
Behavior timestamp
Command Line
Description
Executable SHA256
File Path
Name
Sensor platform
Sensor hostname
Sensor domain
Sensor local IP address
Sensor external IP address
Sensor Host ID
Severity
Tactic
Technique
User name
User ID
Action Taken
Now click Next and finish.
Name the workflow "Rezonate Workflow"
Turn the workflow status to On
Save workflow
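The HMAC Secret Key and Signature Header Name configured above let the receiving endpoint reject requests that did not come from this workflow. The following is an added example, not Rezonate's or CrowdStrike's code, of how a receiver can check the X-Cs-Primary-Signature header. It assumes the header carries a base64-encoded HMAC-SHA256 of the raw request body; confirm the exact signing scheme against CrowdStrike's webhook documentation. The secret, payload and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Default header name from the webhook configuration above.
SIGNATURE_HEADER = "X-Cs-Primary-Signature"

# Constructed sample values, not real credentials or alert data.
SAMPLE_SECRET = b"constructed-hmac-secret"
SAMPLE_BODY = b'{"Alert ID": "constructed-0001", "Severity": "High"}'


def compute_signature(secret: bytes, body: bytes) -> str:
    """Assumed scheme: base64(HMAC-SHA256(secret, raw request body))."""
    digest = hmac.new(secret, body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(secret: bytes, headers: dict, body: bytes) -> bool:
    """Return True only if the signature header matches the raw body."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received:
        # An unsigned request is rejected, never treated as trusted.
        return False
    expected = compute_signature(secret, body)
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of the signature were correct.
    return hmac.compare_digest(expected.encode(), received.strip().encode())


def demo() -> dict:
    """Run the check against constructed requests and return the outcomes."""
    good = {SIGNATURE_HEADER: compute_signature(SAMPLE_SECRET, SAMPLE_BODY)}
    return {
        "valid": verify_webhook(SAMPLE_SECRET, good, SAMPLE_BODY),
        "tampered_body": verify_webhook(SAMPLE_SECRET, good, SAMPLE_BODY + b" "),
        "missing_header": verify_webhook(SAMPLE_SECRET, {}, SAMPLE_BODY),
        "wrong_secret": verify_webhook(b"other-secret", good, SAMPLE_BODY),
    }


if __name__ == "__main__":
    print(demo())
```

Verify against the raw bytes as received, before any JSON parsing or re-serialisation, since a re-encoded body will not reproduce the same digest.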
Integrate through API Key
To integrate, perform the following actions after authenticating to CrowdStrike as a Falcon Administrator.
Configure the following:
Client name - "Rezonate Integration"
Description - "API key used by Rezonate"
Scopes:
Alerts - Read
Detections - Read
Hosts - Read
IOC Management - Read, Write
IOCs (Indicators of Compromise) - Read, Write
OPTIONAL: Discover - Read
Click Create.
Copy the Client ID, Secret, and Base URL and share them back with Rezonate.