Overview
The Blumira integration with CrowdStrike Falcon Endpoint Protection will stream server and workstation endpoint security event logs and alerts to the Blumira service for threat detection and actionable response.
Before you begin
To configure the integration with Blumira, you must first create a new API client in the CrowdStrike Falcon Console and gather these credentials:
- Client ID
- Client Secret
- Base URL
To obtain these credentials, follow these instructions:
- Log in to the CrowdStrike Falcon Console.
- Navigate to Support and resources > API clients and keys.
- Click Add new API client in the OAuth2 API Clients section.
- Type Blumira Events in the Client Name field.
- (Optional) In the Description field, type a description that makes sense to your organization.
- In the Scopes table, select the Read check box next to each of the following:
  - Alerts
  - Detections
  - Hosts
  - Actors Falcon Intelligence
  - Reports
  - Host Groups
  - Event Streams
- Click Create.
- In the API client created window, copy and save the following to use in the Blumira Cloud Connector:
  - Client ID
  - Secret
  - Base URL
- Click Done.
Providing your CrowdStrike credentials to Blumira
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector you want to add.
- In the Cloud Connector Name box, type a name to help identify the specific integration.
- Enter the credentials that you collected in the previous steps.
- Click Connect.
Note: In some cases, outbound traffic is blocked, and the Google Cloud services that Blumira uses must be added to your CrowdStrike API allowlist to make the connection successful. If you see "403: not authorized" errors when attempting to set up your CrowdStrike connector, allowlist the resources provided in the article Allowlisting outbound traffic for Blumira sensors.
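When the connector fails to connect, it helps to rule out a mistyped Client ID, Secret or Base URL. The following added example is not Blumira's or CrowdStrike's own code: it requests an OAuth2 token from the CrowdStrike token endpoint (/oauth2/token under the Base URL) and reports the result without printing the secret or the token. The function names and the FALCON_* environment variable names are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(base_url, client_id, client_secret):
    """Build the client-credentials POST for <Base URL>/oauth2/token."""
    parts = urllib.parse.urlsplit(base_url.strip())
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Base URL must be the https:// URL shown in the Falcon console")
    form = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    return urllib.request.Request(
        f"https://{parts.netloc}/oauth2/token", data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def check_credentials(base_url, client_id, client_secret, send=urllib.request.urlopen):
    """Return (ok, message); the secret and the issued token are never returned."""
    req = build_token_request(base_url, client_id, client_secret)
    try:
        with send(req, timeout=15) as resp:
            status, payload = resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 403:
            return False, "403 not authorized: see the allowlist note on this page"
        return False, (f"HTTP {err.code}: token request rejected; "
                       "re-check Client ID, Secret and Base URL")
    except urllib.error.URLError as err:
        return False, f"cannot reach {req.host}: {err.reason}"
    except ValueError:
        return False, "response body was not JSON; re-check the Base URL"
    if status in (200, 201) and payload.get("access_token"):
        return True, f"token issued, expires in {payload.get('expires_in')} s"
    return False, f"HTTP {status}: response carried no access_token"


if __name__ == "__main__":
    # Hypothetical variable names; export them in the shell instead of
    # passing the secret on the command line, where it lands in history.
    ok, message = check_credentials(os.environ["FALCON_BASE_URL"],
                                    os.environ["FALCON_CLIENT_ID"],
                                    os.environ["FALCON_CLIENT_SECRET"])
    print("OK" if ok else "FAILED", "-", message)
```

A successful result from your own workstation confirms only that the credentials are valid; Blumira connects from its own addresses, so the allowlist note above still applies to the connector itself.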