The CrowdStrike Streaming integration lets you trigger Torq workflows based on CrowdStrike Streaming actions. This integration supports trigger workflows only and cannot be used to authorize steps.
How to use
Generate a CrowdStrike Streaming API key
Open API settings: In Falcon, go to Support > API Clients and Keys.
Create an API client: Click Create API Client, enter a meaningful name and description.
Set permissions: Search for
stream, and enable Read for Event streams.Save credentials: Copy the Client ID and Client Secret and store them securely, you won't be able to access them again.
Copy the Base URL.
Finalize: Click Done.
Create a CrowdStrike Streaming integration in Torq
Add the integration: Go to Build > Integrations > Steps > CrowdStrike Streaming and click Add Instance.
Name the integration: Enter a unique and meaningful name.
Enter credentials: Paste the Client ID, Client Secret, and Base URL you copied earlier.
Set the Token URL: Enter the OAuth2 token URL for your CrowdStrike region. To find your region, check the URL in your browser after logging into the Falcon Console.
Finalize: Click Add.
Region | Token URL |
US-1 |
|
US-2 |
|
EU-1 |
|
US Gov |
|

