CrowdStrike Falcon EDR
CrowdStrike Falcon EDR is a Security input connector. Connect to your CrowdStrike API to start collecting EDR alerts. Create a CrowdStrike Client ID and Client Secret with the Web UI permissions before connecting.
IP Allowlists
You might need to add the Monad IP range of 34.210.32.104/32 to your CrowdStrike Falcon EDR allowlist, so Monad can connect to it.
Create CrowdStrike Credentials
Before you connect Monad to CrowdStrike, you need a Client ID and Client Secret.
You will need a CrowdStrike Falcon administrator account.
- On the CrowdStrike Falcon Platform, navigate to API Clients and Keys.
- In the OAuth2 API Clients table, click Add new API client.
- Enter Client Name, Description and API Scopes to define the API client. Ensure all read roles are enabled.
- Click Add to save the API client and generate the client ID and secret key.
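Before entering the new credentials in Monad, you can confirm that CrowdStrike accepts them. The script below is an added example, not part of Monad's or CrowdStrike's own tooling: it requests an OAuth2 token and reports only the HTTP status, so the token is never stored or printed. The region-to-host mapping, the `/oauth2/token` path and the `FALCON_CLIENT_ID` / `FALCON_CLIENT_SECRET` variable names are assumptions taken from CrowdStrike's public API documentation and this example, not from this page.

```shell
#!/bin/sh
# Added example: pre-flight check of a Falcon API client ID and secret.

# Map a region label (e.g. "US1", "us-2") to its API base URL.
# Hostnames are assumptions from CrowdStrike's public API docs.
falcon_base_url() {
    region=$(printf '%s' "$1" | tr 'a-z' 'A-Z' | tr -d '-')
    case "$region" in
        US1) echo "https://api.crowdstrike.com" ;;
        US2) echo "https://api.us-2.crowdstrike.com" ;;
        EU1) echo "https://api.eu-1.crowdstrike.com" ;;
        *)   return 1 ;;
    esac
}

# Turn the HTTP status of the token request into a verdict (exit 0 only on success).
falcon_explain_status() {
    case "$1" in
        201) echo "ok: credentials accepted"; return 0 ;;
        400|401|403) echo "rejected ($1): check client ID, secret, region and any IP restriction"; return 1 ;;
        429) echo "rate limited (429): retry later"; return 1 ;;
        000) echo "no HTTP response: check network path and proxy"; return 1 ;;
        *)   echo "unexpected status $1"; return 1 ;;
    esac
}

# Request a token for the given region. The credentials are fed to curl as a
# config file on stdin (-K -), so they do not appear in the process list.
# Assumes the ID and secret contain no double quotes or backslashes.
falcon_check_creds() {
    base=$(falcon_base_url "$1") || { echo "unknown region: $1" >&2; return 2; }
    status=$(printf 'data-urlencode = "client_id=%s"\ndata-urlencode = "client_secret=%s"\n' \
        "$FALCON_CLIENT_ID" "$FALCON_CLIENT_SECRET" |
        curl -sS -K - -o /dev/null -w '%{http_code}' "$base/oauth2/token")
    falcon_explain_status "$status"
}

# Usage: FALCON_CLIENT_ID=... FALCON_CLIENT_SECRET=... sh check_falcon.sh US1
if [ $# -ge 1 ]; then
    falcon_check_creds "$1"
fi
```

If your tenant restricts API access by source IP, a rejection from your own workstation may reflect that restriction rather than bad credentials.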
Set up a CrowdStrike Falcon EDR input connector in Monad
To set up a CrowdStrike Falcon EDR connector, you need a Client ID and a Client Secret. Once you have both, set up the connector:
- Log in to your Monad account, and click Add connector.
- Select the CrowdStrike Falcon EDR connector.
- Optionally, change the default name for the connector. This name serves as a label for the connector in the Monad app, and you can change it later.
- Enter the credentials you created.
- Select the region to use. The default is “US1” and should be used if you’re unsure.
- Optionally, set your connector schedule.
- Click Connect.
That’s it! Monad tests the connection to CrowdStrike Falcon EDR. If the account is configured correctly, you’re ready to pull your CrowdStrike data into Monad!
This page was last modified: 15 Nov 2023