CrowdStrike provides endpoint protection, threat intelligence, and response services.
Torq enables quick and easy integration with CrowdStrike, so you can automate anything and everything within moments. Torq's pre-built CrowdStrike steps include:
Add Host to Group
Contain Host
Create Indicator
Delete Host
Download MTRE Report
+55 more...
If you don't see a step you need, you can create your own in various ways, such as using the Send an HTTP Request step or Torq’s Step Builder, and share it across your organization.
Use CrowdStrike Steps in a Torq Workflow
This method of creating a CrowdStrike integration requires a Create a session step whenever you use CrowdStrike steps. It has been replaced with the CrowdStrike API Client steps integration. To use the API-key method, please contact Torq support.
Step One: Generate a CrowdStrike API Key
Navigate to API Clients and Keys: Click the menu and go to Support > Resources and tools > API Clients and Keys.
Create a Client: Click Create API client.
Give the client a unique and meaningful name. For example,
TorqWorkflows
.Give the client a relevant description. For example,
This key is used in Torq workflows to automate investigations of CrowdStrike detections
.Select one or more scopes for the key. You must apply relevant scopes to perform desired actions within Torq workflows. For example, if you want to modify or edit a detection within a workflow, you need to apply the
Read
andWrite
scope forDetections
.
Finalize: Click Create.
Save Information: Copy and save the values for the following fields, which you must enter when configuring the CrowdStrike steps integration in Torq. Be sure to save them somewhere - you will not be able to access them again.
CLIENT ID
SECRET
BASE URL
Step Two: Create a CrowdStrike Steps Integration in Torq
Navigate to Integration: In Torq, go to Build > Integrations > Steps > CrowdStrike and click Add.
Set Up Integration:
Give the integration a unique and meaningful name - you cannot change this later.
Add the Base URL created earlier.
Add the Client ID created earlier.
Add the Clicent Secret created earlier.
Finalize: Click Add to save.
Step Three: Use CrowdStrike Steps in a Workflow
Access Token: CrowdStrike requires an access token for API call sessions.
Add Step: Before using CrowdStrike steps in a workflow, you must add the CrowdStrike step
Create a session
to your canvas.Automate Token Creation: This generates an access token, which will then be used as an input parameter for subsequent CrowdStrike steps within that workflow.
A new access token is created per workflow execution.
Templates
Now that you've added your integration check out these specially crafted templates by Torq's security experts. Visit Torq's template library for more.