IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

CrowdStrike connector

The CrowdStrike connector communicates with the CrowdStrike Management Console via REST API.

To use this connector, you must have authority to run Endpoint Security connectors, which is an Actions and Connectors sub-feature privilege. Refer to Kibana privileges.

Create connectors in Kibana

You can create connectors in Stack Management > Connectors. For example:

[Screenshot: CrowdStrike connector]

Connector configuration

CrowdStrike connectors have the following configuration properties:

CrowdStrike API URL
The CrowdStrike tenant URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.
CrowdStrike client ID
The CrowdStrike API client identifier.
Client secret
The CrowdStrike API client secret to authenticate the client ID.
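
A preflight check for the allowed-hosts note above, added here as an illustration and not taken from Elastic's documentation or code. It assumes `xpack.actions.allowedHosts` entries are bare hostnames matched exactly, that `*` allows any host, and that an empty list blocks all outbound connections; the function name and the `api.crowdstrike.example` hostname are constructed placeholders.

```python
from urllib.parse import urlsplit


def connector_host_allowed(api_url, allowed_hosts):
    """Return (ok, reason) for a connector API URL checked against an
    xpack.actions.allowedHosts list (hypothetical helper, not a Kibana API)."""
    parts = urlsplit(api_url.strip())
    # Policy of this example, not a documented Kibana requirement:
    # the client secret should only ever travel over TLS.
    if parts.scheme != "https":
        return False, "URL must use https"
    if parts.username or parts.password:
        return False, "credentials belong in the client ID and secret fields"
    host = parts.hostname  # lower-cased, with port and path stripped
    if not host:
        return False, "URL has no hostname"
    entries = [h.strip().lower() for h in allowed_hosts]
    if not entries:
        return False, "allowedHosts is empty, so all outbound connections are blocked"
    if host in entries:
        return True, f"{host} is explicitly allowed"
    if "*" in entries:
        # Works, but any host is reachable from connectors; prefer an explicit entry.
        return True, f"{host} is allowed only by the '*' wildcard"
    return False, f"{host} is missing from xpack.actions.allowedHosts"


if __name__ == "__main__":
    url = "https://api.crowdstrike.example:443/"  # constructed sample value
    for hosts in (["api.crowdstrike.example"],
                  ["https://api.crowdstrike.example"],  # common mistake: URL, not hostname
                  ["*"],
                  []):
        print(hosts, "->", connector_host_allowed(url, hosts))
```

Run it against the list copied from `kibana.yml` before saving the connector. A result that passes only through the wildcard is a prompt to replace `*` with the tenant hostname.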

Test connectors

You can test connectors as you’re creating or editing the connector in Kibana. For example:

[Screenshot: CrowdStrike connector test]

The CrowdStrike action has the following configuration properties:

Agent IDs
Get details about one or more CrowdStrike agent IDs.