Skip to main content
CrowdStrike Streaming

Trigger workflows in Torq based on CrowdStrike streaming API for Falcon events.

Updated over 2 months ago

Trigger Workflows in Torq from CrowdStrike Streaming Actions

Note that the CrowdStrike Streaming integration works only as a trigger integration and cannot be used to authorize steps.

Generate a CrowdStrike Streaming API Key

  1. In Falcon, go to Support > API Clients and Keys.

  2. Click Create API Client, and give it a meaningful name and description.

  3. Assign the new API key to at least the permission streaming:read.

  4. Copy the ClientID and Client Secret and save them in a secure location. You will not be able to access them again and will need them later in Torq.

  5. Copy the Base URL.

  6. Click Done.

Create a CrowdStrike Streaming Integration in Torq

  1. Go to Build > Integrations > Steps > CrowdStrike Streaming and click Add.

  2. Give the integration a unique and meaningful name.

  3. Paste the ClientID you copied earlier.

  4. Paste the Client Secret you copied earlier.

  5. Paste the Base URL you copied earlier.

  6. Under Token URL, paste https://api.us-2.crowdstrike.com/oauth2/token but replace the api.us-2 to match the api.xx-# in the Base URL you copied earlier (the URL may be slightly different for EU users, or depending if you are in us-1, us-2, etc. cloud environments).

  7. Click Add.

Did this answer your question?